Cisco leads Globalcomm charge

New  telecom  show  expected  to  be  one  of  year’s  biggest 
and  busiest  industry  events.  PAGE  9. 


The  beta  benefit 

Successful  beta  testers  say  the  reward  for  long  hours 
spent  with  buggy  software  can  be  a  competitive  edge 
for  their  companies.  PAGE  40. 


Taking  over 

New  Enterasys  CEO  Michael  Fabiaschi 
chats  about  privatizing  the  company  and 
competing  with  Cisco.  PAGE  19 
Web hosters go green


One  customer  boasts: 
‘Site  hosted  with  100% 
solar  energy.’ 


BY  JENNIFER  MEARS 

About two hours south of Los Angeles in the desert town of Romoland, Calif., sits a 2,000-square-foot building made of sheet metal. Gigantic solar arrays flank each side of the structure that looks out on a dirt road, punctuated by a single sign that says “Burro Crossing Next Mile.”

It  would  be  hard  to  guess  that  inside  there  are  more  than  300 
servers  hosting  Web  sites  for  some  12,000  clients  worldwide. 

It’s  not  a  typical  location  for  a  hosting  service  provider’s  data 
center.  But  Affordable  Internet  Services  Online  (AISO)  isn’t  your 

See  Green,  page  18 


Test  shows  Microsoft 
tightening  up  Longhorn 


But missing features include virtual machine, search optimization and advanced clustering.

BY  TOM  HENDERSON  AND  LASZLO  SZENES, 
NETWORK  WORLD  LAB  ALLIANCE 

The recently released Beta 2 version of Microsoft’s Longhorn is not yet feature-complete, but encouraging work has been done in the areas of security management and the underlying technology.

The key ingredients still missing are the Hypervisor virtual machine application, necessary search optimization features and advanced clustering services.

Microsoft says it will release Longhorn in a variety of server editions late next year after it gets its new client operating system — Windows Vista — out the door. (See timeline, page 16, and Windows Vista Beta 2 test at www.nwdocfinder.com/3747.)

In this Clear Choice test, we looked at how the Longhorn Beta 2 code changes Windows servers’ overall network security administration and client-side accessibility. Overall, we found that many of the upgrade changes should be relatively painless, with a few potentially harrowing exceptions in the area of security realignment.

Perhaps the biggest change is the removal of aged code that supports Windows NT LAN Manager network security methods. These methods were grandfathered into Windows 2000 Server and have been the crux of numerous security patches since.

The Longhorn Beta 2 code signifies a move toward a platform where security providers use an application plug-in approach in which a modular security provisioning system serves as the anchor. This change correlates to the elimination of the GINA

See  Longhorn,  page  16 


Broadband  buyers  turning  over  the  reins 


BY  CAROLYN  DUFFY  MARSAN 

Companies purchasing broadband Internet access for branch and home offices increasingly are turning to service providers rather than trying to manage DSL or cable connections themselves.

Relying on managed service providers for broadband spares companies from dealing with multiple ISPs, whose provisioning and billing processes vary widely and can’t match private-line or frame relay services, customers and industry watchers say. Managed service providers are responding to the rapid growth in business-class broadband, which has been adopted by Pitney Bowes, Sbarro Restaurants, Jenny Craig and RadioShack, among other U.S.-based multinationals. (Corporations are helping drive overall DSL usage, which topped 138.8 million subscribers worldwide in 2005, according to the DSL Forum.)

In early May, Netifice and MegaPath completed a merger to create what they say is the largest provider of managed broadband VPNs in North America, with more than $125 million in revenue. In April, EarthLink completed its $114.3 million acquisition of New Edge Networks, a Vancouver, Wash., managed service provider

See Managed, page 12
9 Telecom show wars continue.

10 VMware pools virtual resources.

10 Foundry switch targets corporate VoIP.

14 Rng hardens security software.

14 Imperva appliance tracks database accesses.

14 PGP, RSA unveil encryption initiatives.

16 Microsoft bolsters Exchange client.

52 Oracle mends fences with security experts.


Net  Infrastructure  Technology  Update 


Available  only  on  NetworkWorld.com 


The  new  LinuxWorld.com 

Last week, we began publishing LinuxWorld.com, dedicated to coverage of Linux and open source in the enterprise. Check it out and let us know what you'd want on an enterprise open source site.

DocFinder: 3732


Hot Seat now in audio

You want to watch the latest Hot Seat video, but that might interfere with your driving to work. No problem: Download the podcast version — and listen to a new interview every week.

DocFinder: 3734


ITVideo: Skype peripherals

Cool Tools guy Keith Shaw shows off a bunch of peripherals, including the Polycom Communicator, that make the Skype calling experience even better. DocFinder: 3733


VoIP and SMBs

Test Alliance member James Gaskin points you to several VoIP case studies for folks trying to get a handle on it all.

DocFinder: 3735


19 Q&A: Enterasys CEO takes over.

19  Execs  express  top  security 
concerns. 

20  Mike  Rothman:  Corralling  the 
zombies. 

Enterprise  Computing 

23  Going  green?  Active  Power 
might  have  the  UPS. 

23  Linux  comes  to  Sun  SPARC 
servers. 

Application  Services 


31  Devices  speed  CIFS  WAN 
traffic. 

31  Steve  Blass:  Ask  Dr.  Internet. 

32  Mark  Gibbs:  The  quest  for  the 
Holy  Remote. 

32  Keith  Shaw:  Cool  tools,  gizmos 
and  other  neat  stuff 

Opinions 

34 On Technology: H-1B limits raised, controversy ignited.

35  Chuck  Yoke:  Here  we  go  again 
.  .  .  sort  of 


Beta  testing  buggy  products  can  give  your  company  a 
competitive  edge.  Just  ask  Jim  Nauer,  left,  and  Barron 
Hulver  at  Case  Western  Reserve  University.  They’ve 
embarked  on  six  major  beta  tests  over  the  past  15  years 
and  they  say  that  getting  your  hands  on  early  versions  of 
products  can  have  significant  business  benefits. 


25  Supply  execs  share  disaster 
strategies. 

25  Jabber  adds  IM,  directory 
integration. 

26  Scott  Bradner:  Who  is  going 
to  watch  the  watchers? 

Service  Providers 

27  Johna  Till  Johnson: 

Half  a  levy  is  better  than  one. 

27  Tax  abolished,  but  collection 
may  linger. 

27  ADC  acquires  Andrew. 


COOL TOOLS

The Lenovo N100's widescreen LCD screen blew us away. Page 32


35  James  Kobielus:  Master 
data  management  is  key  to 
compliance. 

54 BackSpin: Of rootkits and personal responsibility.

54 'Net Buzz: Have identity thieves stolen my judgment?

Management Strategies

45 How to prepare for a CISO position: Security professionals must know the business to rise through the ranks.


Guide

Two-factor authentication

We all know user name and password doesn't cut it anymore. But what are the alternatives? In this Guide, we provide a road map for implementing two-factor authentication, with examples from companies such as Bank of America, E*Trade and the National Notary Association, where Richard Hansberger is rolling out digital certificates. Page 36
Clear Choice

Clear Choice Test: GigaStor from Network Instruments is a network traffic analyzer that can handle WAN traffic with ease. Page 43.


■ CONTACT US Network World, 118 Turnpike Road, Southborough, MA 01772; Phone: (508) 460-3333; Fax: (508) 490-6438; E-mail: nwnews@nww.com; STAFF: See the masthead on page 12 for more contact information. REPRINTS: (717) 399-1900

■ SUBSCRIPTIONS/CHANGE OF ADDRESS: Phone: (508) 490-6444; Fax: (508) 490-6400; E-mail: nwcirc@nww.com; URL: www.subscribenw.com


Online  help  and  advice 

A  real-time  sync 

Help desk guru Ron Nutter helps a reader figure out the best way to synchronize the time on his network devices. DocFinder: 3736

Regional  clusters  and  VoIP 

Analyst  Robin  Gareiss  shows  how  a 
regional  framework  can  help  extend 
VoIP  from  your  main  office  to  the 
branches.  DocFinder:  3737 

What happens when you ship your tapes out for safekeeping?

Storage Newsletter writer Mike Karp examines backup companies that lose not just single tapes but whole boxes of them.

DocFinder: 3738

Encrypting backups to avoid disasters

Security Strategies Newsletter writer M.E. Kabay explains why you need to be extra careful when it comes to sensitive data on your employees' laptops.

DocFinder: 3739

Winternals Recovery Manager

Dave Kearns takes the latest version of this remote-recovery tool out for a spin.

DocFinder: 3739


Seminars and events

Application  &  Content  Security:  Building  The  Defensible  Network 

Learn how today's fortress network integrates VoIP and wireless into the security grid; implements automatic patch management; audits performance and identifies weaknesses; and protects core data and critical applications. Attend the free Technology Tour event your enterprise doesn't want you to miss. For cities and dates and how to qualify to attend free, visit DocFinder: 3741.


BREAKING NEWS

Go online for breaking news every day. DocFinder: 1001

Free e-mail newsletters

Sign up for any of more than 40 newsletters on key network topics.

DocFinder: 1002

What is DocFinder?

We’ve made it easy to access articles and resources online. Simply enter the four-digit DocFinder number in the search box on the home page, and you’ll jump directly
to  the  requested  information. 
Oracle snaps up supply chain management vendor

■ Oracle last week announced it will acquire another business applications vendor, this time scooping up supply chain management company Demantra for an undisclosed sum. Demantra’s software includes analytics tools that help big businesses forecast demand for their products, as well as applications for planning sales and promotional activities. Its customers include fast food outlet Wendy’s International, consumer goods maker Unilever Group and pharmaceutical conglomerate Johnson & Johnson. It’s the latest in a string of acquisitions by Oracle to broaden its applications division and help it compete more effectively with rival SAP. Oracle also is in the process of buying billing applications vendor Portal Software for about $220 million. Other purchases include i-flex Solutions, which makes banking applications, and Retek and ProfitLogic, which make software for the retail industry.


The Good The Bad The Ugly

Forget the 'Net and make me invisible. DARPA, the organization that brought you the predecessor to the Internet, has something really amazing up its sleeve: technology that could make things appear invisible. The latest issue of the journal Science details research by scientists in the United States and the United Kingdom that has been funded by DARPA, which hopes the research will result in stealth technologies that the military can exploit.

Shooting for StarOffice. The first virus affecting StarOffice was detected last week, but so far it isn't being used to infect computers. Since the virus has not been launched with malicious intent, a teenage hacker may have written it, says a Kaspersky Lab engineer. The virus uses macros to attack Sun's office suite.


Chicago  hops  on  Wi-Fi  bandwagon 

■ Chicago is the next big city looking to deploy a metrowide Wi-Fi network. The wireless network will be built on top of city-owned infrastructure where access points can be deployed. The infrastructure will include streetlights and lamp poles, in addition to private sites. The network will require about 7,500 antennas and cost $18.5 million. Chicago’s mayor says one reason the city is looking into a metrowide network to offer free and low-cost Internet access is to help the city’s lower-income residents. The city is looking for a company to build and support its Wi-Fi network that can offer low service rates, free service to schools and city parks, and coverage in the city’s lowest-income areas.

Africa gaining in call center sites

■ The next time you make a call to a customer care center, you might reach an agent in Morocco instead of Mumbai. That’s because African countries will lead call center growth through 2010, according to research released by Datamonitor last week. African countries typically offer a low-cost location, workers who often have excellent language skills, and governments and private companies that are working to attract outsourcing contracts, according to Datamonitor, a U.K. research company. For example, Morocco and Tunisia are ideal spots for outsourcing customer care operations that serve French speakers, although Morocco is developing English and Spanish speaking talent as well. Companies often struggle to find low-cost options for outsourcing call centers that can support French speakers, Datamonitor said. Egypt will continue to be a popular customer care center location. Sub-Saharan Africa traditionally hasn’t been a top choice for call centers but is beginning to attract some companies, Datamonitor said. Botswana, Ghana and Kenya have been seeking outsourcing contracts.


“Thanks for nothing, Bill. I’ve heard of vaporware, but not vapor-hardware.”

Anonymous poster on Digg.com reacting to news that Microsoft had declared an end to its promotional giveaway of free USB storage drives, citing an “only while supplies last” clause.

See story at www.nwdocfinder.com/3742


“It's... OUT of here . . . (and so am I).”

Gary Robinson of Wadsworth, Ohio, wins the latest round of our Weekly Caption Contest. Head back each Monday for the latest picture and get your chance to win.

www.networkworld.com/weblogs/layer8


CA stumbles. In an unexpected development, CA last week delayed issuing its final fourth-quarter and full fiscal 2006 results and restated its third-quarter results, in part due to the impact of a new sales-commission plan. "Clearly we are disappointed that what would have been a solid year was impacted by execution issues relating to commissions," CEO John Swainson said.

Adobe  may  sue  Microsoft 

■ Adobe is expected to file an antitrust lawsuit against Microsoft in Europe after talks between the two failed to resolve a dispute over Microsoft’s use of Adobe’s PDF software, The Wall Street Journal reported last week. Microsoft’s Office suite includes PDF and Adobe wants its software to be removed and offered for a fee, according to the report. Microsoft is willing to take PDF out of Office but does not want to charge for it, Brad Smith, Microsoft’s general counsel, is quoted as saying. Representatives of Microsoft and Adobe in Europe could not be reached for comment.

Microsoft flaw found

■ A new flaw found in Microsoft’s software could be exploited to cause a denial-of-service attack on certain applications, although the bug isn’t viewed as being severe. The flaw could be exploited through a buffer overflow attack, security vendor Secunia reported last week. For the attack to occur, a user would have to visit a malicious Web site with an overly long URL, or open an Internet shortcut that leads to such a site. Microsoft said last week that it was investigating the flaw and it wasn’t aware of any attacks yet taking advantage of it. The problem affects the Home and Professional editions of Microsoft Windows XP Service Pack 2, and four versions of Windows Server 2003: Datacenter, Enterprise, Standard and Web edition, Secunia said.


6.5.06 • www.networkworld.com • 9


Telecom  show  wars  continue 

TIA conference follows USTA's TelecomNext; Cisco, Juniper, others to air products.


Global ambitions

The lowdown on the inaugural Globalcomm conference, which replaces Supercomm as the Telecommunications Industry Association's annual industry event.

Location: McCormick Convention Center, Chicago

Expected attendance: 20,000-plus

Exhibitors: 500 from 104 countries

Exhibition space: 230,000 square feet (includes 35,000 square feet from collocated OSP Expo)

Key topics: 'Net neutrality, IP TV, IMS, VoIP, wiretapping, disaster recovery, Ethernet business services, fixed/mobile convergence, enterprise mobility

BY  JIM  DUFFY 

The telecom industry convenes this week at the second of two major trade shows spawned from the dissolution of the Supercomm conference. Exhibitors such as Cisco and Juniper plan to showcase offerings designed to support new carrier services from metro Wi-Fi to IP TV.

The inaugural Globalcomm kicks off after the separation of Supercomm’s joint sponsors, the Telecommunications Industry Association (TIA) and the United States Telecom Association (USTA). After collaborating for 18 years, the organizations went their separate ways after last year’s Supercomm.

The USTA launched TelecomNext earlier this year; now it’s the TIA’s turn, just as the industry pauses from the frenetic consolidation pace among carriers and their suppliers. And Globalcomm promises to be as busy as Supercomm was last year, according to Matt Flanigan, TIA president.

Attendance, exhibition space and exhibitor numbers will be close to those of Supercomm 2005, Flanigan says (see graphic).

TelecomNext, held in Las Vegas in March, was about half the size, with more than 10,000 attendees, 275 exhibitors and 215,000 square feet of exhibition space. But what TelecomNext lacked in size, it more than made up for in content — CEOs from major carriers, media companies, regulators and enterprises delivered candid comments on a range of controversial topics, such as ’Net neutrality (www.nwdocfinder.com/3743).

Expect more of the same at Globalcomm. ’Net neutrality will be one of the hotter topics at the show, along with IP TV, IP Multimedia Subsystem (IMS), VoIP, wiretapping, disaster recovery, Ethernet business services, fixed/mobile convergence, and issues and challenges with enabling the mobile enterprise.

Cisco, Juniper and more

A steady stream of products is expected to be announced. Cisco is unveiling significant enhancements to a few of its edge router lines in an effort to raise the level of customer/carrier interaction.

One enhancement is Ethernet operations, administration and maintenance capabilities on the Cisco 7600 router line to improve service assurance. The 7600 series routers now support IEEE 802.1ag and IEEE 802.3ah standards, which let providers manage customer service instances individually and alert them when an Ethernet virtual circuit has failed; the routers also provide link monitoring for critical events and discover when one direction of transmission fails.

Cisco is expected to unveil a module for the 7600 targeted at metropolitan Wi-Fi mesh aggregation to more efficiently deliver integrated fixed/mobile services, as well as a Multicast Connection Admission Control capability to manage bandwidth oversubscription for IP TV.

Cisco also is rolling out souped-up engines for its 10000 and 7200 series edge routers, and software that enables the devices to gain advanced subscriber awareness, resource provisioning and access control intelligence to speed the delivery of IP services.

Juniper also has found some Ethernet religion. Months after dismissing Ethernet as an “interface, not an architecture” to defend itself from edge router market share gains by Alcatel (www.nwdocfinder.com/3744), Juniper plans to unveil a series of Ethernet service modules for its M- and T-series routers.

The modules are designed to enable service providers to provision Ethernet services with sophisticated QoS and traffic management features. They support oversubscription and hierarchical queuing capabilities for services such as virtual LAN (VLAN)/transparent LAN, Layer 2/3 VPNs, VoIP and video over IP — over Ethernet, with guaranteed service-level agreements, Juniper says.

They also can be used for Ethernet aggregation, according to a Juniper presentation on the products. But the company took pains to distance itself from that application, perhaps fearful of endorsing an Alcatel architecture that seems to be working for the French company and against Juniper.

“This product isn’t positioned towards the aggregation layer or the access layer,” says Tom DiMicelli, Juniper product marketing manager. “It’s not designed to provide best-effort service, although it can. It’s primarily designed to underpin these Ethernet services [and] provide a high-value, high-margin opportunity for the service provider.”

The oversubscription capabilities of the modules can gather access switches or Ethernet aggregation switches and map VLAN tags to edge and core MPLS and virtual private LAN services label switched paths, obviating the need for enterprises to deploy more complex — and expensive — IP-enabled devices at the access edge, DiMicelli says.

Another Ethernet announcement is expected to come from Lucent, which will unveil an architecture for uniting its switching, routing and optical products into an “integrated Ethernet/optical metro core” to provide service intelligence and QoS for personalized delivery of voice, data and video applications. The so-called Acuity architecture includes Lucent’s recently acquired Riverstone Ethernet routers, as well as two new products: the Lucent Resource Manager for centralized control of all elements in the Acuity architecture; and the Universal Packet Mux, which combines wave division multiplexing, TDM and packet switching for a converged transport and access network.

Other Ethernet news will include the addition of VDSL2 and Fast Ethernet to Tellabs’ 1150 multiservice access system to deliver up to 100Mbps to each subscriber for video, voice and high-speed data; the deployment of Hatteras Networks’ “mid-band” Ethernet products at competitive local exchange carrier Remi Communications, as well as $21 million in new funding for Hatteras; Ethernet performance monitoring enhancements for ADVA’s FSP 150 access product; and a software update to MRV’s OptiSwitch 9000 aggregation product to support aggregation of IEEE 802.3ah Ethernet in the First Mile standard devices, and auto-discovery of all 802.3ah enabled customer premise equipment.

VoIP also will be prevalent at Globalcomm, with Global Crossing unveiling a network-based VoIP VPN service for enterprises called VoIP On-Net Plus. The service lets companies migrate to a converged IP service that consolidates voice and data networks on a single IP network, and allows the migration of existing voice VPNs, Global Crossing says. ■


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VMware  pools  virtual  resources 


Beyond  consolidation 

VMware is focusing on managing virtual environments with its new software suite. Highlights of VMware Infrastructure 3:

• Support for four-way virtual machines and up to 16GB of memory to support a broader array of workloads.

• NAS and iSCSI support to let virtual machines tap into shared storage.

• VMware Distributed Resource Scheduling along with VMotion to allocate virtual resources as application needs demand.

• VMware High Availability to move and restart workloads should hardware failures occur.

• VMware consolidated backup to offload backup processes to a centralized server, freeing up virtual servers.


BY  JENNIFER  MEARS 

VMware this week is expected to unveil software designed to let customers group compute resources into a virtual pool that can be allocated to workloads depending on application demands, eliminating the need for manual intervention.

Called Infrastructure 3, the product expands VMware’s features by zeroing in on automation and high availability. VMware made its first move into so-called utility computing in 2003 when it introduced VirtualCenter, management software that included VMotion technology to move running virtual machines among physical servers. Customers can move virtual machines, but the process requires a great deal of manual intervention. With Infrastructure 3, management of virtual machines is more automated, says Patrick Lin, director of data center platforms at VMware.


BY  PHIL  HOCHMUTH 

In July Foundry is expected to announce new corporate Ethernet gear for business networks, with a focus on VoIP and Power over Ethernet.

The Foundry FastIron SX 800 and 1600 switches are chassis-based products aimed at simplifying VoIP rollouts, with redundant PoE capabilities and some automatic configuration features for IP phones. The eight-slot FastIron SX 800 will support up to 192 PoE ports, while the 16-slot SX 1600 boxes will power up to 384 10/100/1000Mbps PoE Ethernet ports. Both switches support Class 3 (15.4-watt) PoE, more than enough to power most IP phones and wireless LAN access points, according to the vendor. The FastIron SX 800 chassis also will hold up to 36 10G Ethernet ports; SX 800 will hold 20 10Gbps ports (24-port 10/100/1000 modules and two-port 10G Ethernet blades are used in the product). Fiber-based port modules also will be available for the switch, with 100/1000 speeds supported.

For VoIP, the switches will support redundant PoE power sup-


“VMotion let you move virtual machines around, but you had to understand exactly what the performance was on that virtual machine at a given point in time and you had to manually move it where you wanted it to go. You had to watch things closely,” Lin says. “We’ve automated all that. So now you can power up a virtual machine and not have to think about it.”

Ed Baldwin, senior network engineer at Enbridge Energy Company in Houston, which has been beta-testing Infrastructure 3, says the automation features are a plus because he now can focus management resources in more productive areas. Previously, Baldwin had to manually check resource availability to ensure virtual machines were running on the best physical server.

“The distributed resource scheduling is going to be an added bonus because I won’t have to sit


Power  sports 

Foundry’s new FastIron SX 800 and 1600 switches target VoIP and PoE-dependent applications, and include triple-speed Ethernet and 10G Ethernet support. Highlights include:

• Up to 384 10/100/1000 Class 3 (15.4-watt) PoE ports.

• Up to 36 10G Ethernet ports.

• Dual power distribution for PoE and the switch chassis.

• Dynamic voice VLAN configuration.

• Support for 802.3af devices, including IP phones, access points and security cameras.

• Support for Cisco's legacy IP phones with proprietary PoE.


plies and include a feature for detecting if a connected device can accept PoE current. (This eliminates the risk of accidentally plugging non-PoE devices into a powered port and damaging the equipment.)


there and wonder, ‘Is that machine really on the right host?’ With Infrastructure 3 doing its checks and balances to determine which host it needs to be on, that’s going to be a great benefit for us,” he says.

VMware  Distributed  Resource 
Scheduler  is  one  of  several  new 


The FastIron SX switches also will detect if an IP phone is connected to a switch port. If an IP phone is detected, the connection is configured into a separate virtual LAN segment, which aggregates VoIP traffic and protects the IP telephony calls from interruptions because of network congestion, Foundry says. The FastIron SX switches will support the Cisco Discovery Protocol (supported by Cisco IP phones) and 802.1X IP phone authentication (supported in Avaya, Cisco, Mitel, ShoreTel and Nortel phones). Later this year, Foundry will introduce the emerging Link Layer Discovery Protocol-Media Endpoint Discovery standard for discovering, configuring and powering IP phones.

A key change in the FastIron SX architecture is the separate power supplies for the switch system power and the PoE modules, whereas past Foundry switches and competitive products have had shared system/PoE power supplies.

“As you add more PoE ports, you don’t affect system power,” says Bob Schiff, director of Foundry’s enterprise business unit. “You just


software products that come bundled in Infrastructure 3, along with VMware’s flagship ESX Server and VirtualCenter (see chart).

VMware is “realizing that they’ve got to improve platform management as large companies take these virtual environments into production,” says Stephen Elliot, a


need more PoE modules. And should there be PoE failure, you don’t lose system power.”

The new FastIron SX switches compete with Cisco’s Catalyst 4500 and 6500 switches, as well as small and large chassis versions of Extreme’s BlackDiamond 10K and Nortel’s Enterprise Routing Switch 8300 and 8600. Foundry says it expects to formally launch the FastIron SX and provide pricing information in July.

Meanwhile, debuting at the Globalcomm 2006 show this week is Foundry’s NetIron M2404, a device meant to sit in a multitenant building, terminating carrier Ethernet links and delivering up to 100Mbps of Ethernet bandwidth.

The device includes 24 copper 10/100 ports and four optional fiber or copper Gigabit Ethernet ports for uplinks to a metropolitan Ethernet router at the carrier edge. The M2404 supports MPLS and Layer 2 VPN service capabilities, and can be configured in a redundant setup with a second M2404, allowing for sub-50-millisec failover of a connection for MPLS links.

The  M2404  will  be  available  in 
August  for  $9,500.  ■ 


research manager at IDC. By raising the focus, it also brings VMware into greater competition with partners such as IBM and HP, which long have focused on creating tools to better manage virtual resources. Elliot says customers should expect to continue to see higher-level management features from VMware, including a larger focus on security as virtual environments play a growing role in data centers.

Enbridge, for example, continues to migrate everything from Citrix to Active Directory to homegrown applications onto virtual machines. Since January the oil and gas pipeline company has consolidated some 50 servers onto 10 physical machines that now run more than 130 virtual servers altogether.

Baldwin estimates the company has saved about $1.5 million by using VMware and expects to see even more savings by using Infrastructure 3.

In addition to the management enhancements, Baldwin says he is particularly happy about updates in ESX Server 3 that enable a virtual machine to span four processors and up to 16GB of memory, a marked increase from the two-processor, 3.5GB limit on the current ESX Server product.

“Now I can put more workloads on the virtual servers,” Baldwin says. “Servers that before were too powerful to run [in a virtual machine] now can run in a virtual system.”

VMware Infrastructure 3 comes in three configurations, with an entry level that includes only the basic ESX Server product, storage connectivity and VirtualCenter starting at around $1,000. VMware Infrastructure Enterprise, which includes ESX Server, VMFS (VMware’s distributed file system for virtualizing storage), Virtual SMP, VirtualCenter, VMotion, Distributed Resource Scheduler, High Availability and Consolidated Backup, starts at $5,750. VMware Infrastructure Standard, which is targeted for departmental deployments and includes ESX Server, clustered VMFS for storage connectivity and consolidation, and Virtual SMP to support four-processor virtual machines, as well as VirtualCenter, starts at $3,750. ■


Foundry switch targets corporate VoIP


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Managed 

continued  from  page  1 

with  extensive  DSL  capabilities. 

Top-tier carriers including Verizon Business also are targeting this market with expanded offerings in the areas of remote access, telework and mobility. For example, Verizon Business now offers Evolution Data Only (EVDO) wireless services as well as DSL that are integrated with its enterprise mobility solutions.

“A lot of the big telcos are offering DSL to replace frame relay access, and they are becoming pretty comfortable using the technology for business-class services,” says Courtney Munroe, vice president for telecommunications at IDC. “If you already are buying an IP VPN service, you can buy broadband access and use the VPN to get the security you need. That’s where you really get the bang for your buck, by leveraging the IP VPN’s security and authentication, and the faster speeds of broadband.”

KidsPeace, a children’s charity in Orefield, Pa., has built an IP VPN that takes advantage of broadband. KidsPeace has more than 2,500 employees at 40 locations.

“Our locations are very small. They have 10 to 15 employees per location, and it wasn’t really cost effective to put in fractional T-1s or T-1 connectivity in all of those locations,” says Debbie Kruszewski-Warner, manager of network and hardware support at KidsPeace. “Most of these people work with foster families. They’re out on the road a lot. They don’t need a T-1 connection that we would be paying a lot of money for.”

Before turning to broadband, KidsPeace used dial-in connections that proved problematic and required technical expertise that many locations didn’t have.

“The  social  workers’  computer 
skills  are  fairly  low-level,  and  try- 


Correction:

■ The story "Data center networks often exclude Ethernet" (May 29, page 22) should have stated that a millisecond is a measure equal to one one-thousandth of a second, not one one-millionth. The story should also have said that Ethernet latency is typically around 1 millisecond, not 100 milliseconds.


Tips  for  rolling  out  broadband  access 

•  Be  prepared  to  hurry  up  and  wait 

Broadband  carriers  don't  offer  as  quick  of  a  response  time  for  DSL  and  cable 
installation  or  problem  resolution  as  they  do  for  T-1  and  higher  outages  to  be  restored. 

•  Be  flexible 

DSL  isn't  available  in  all  locations,  even  in  major  metropolitan  areas.  You  may  require 
a  combination  of  DSL  and  cable  connections  to  provide  broadband  to  all  of  your 
branch  or  home  offices. 

•  Don’t  expect  residential  pricing 

Business class broadband costs 10 times more than residential ($200 per month vs. $20 per month), but it's still significantly less than T-1 or higher connections.

•  Consider  wireless  for  backup 

More  carriers  including  Verizon  Wireless  are  offering  broadband  wireless  services 
in  the  form  of  EVDO  technology  that  can  be  used  for  backup  or  disaster  recovery. 
EVDO  can  be  integrated  into  a  company's  overall  Internet  access  plan. 

•  Use  a  managed  service  provider 

Coordinating broadband installation nationwide or globally requires dealing with many local access providers, different flavors of broadband and many monthly bills. Managed service providers provide standard equipment, better service-level agreements and consolidated bills.


ing to dial into our network was really troublesome for them,” Kruszewski-Warner says. “If the connection didn’t work, it was really difficult for them to diagnose why it didn’t work.”

KidsPeace turned to Virtela, a managed service provider, to put together a broadband network to replace its old dial-in system. KidsPeace has DSL and cable connections in its foster care locations and T-1s in its headquarters location. Virtela manages all the connections at the remote locations, which involves overseeing 15 access providers.

“Virtela orders all the services for us. They get and install all the equipment, and they coordinate with the ISPs,” Kruszewski-Warner says. “If we had done this ourselves, I would have had to hire one or two more people.”

KidsPeace has 25 people in its IT shop.

Virtela handles ordering and provisioning of KidsPeace’s broadband network and provides a consolidated monthly bill. Virtela also handles any outages that occur and deals with the local access providers to get service up and running again.

“We haven’t had extended periods of time where the service is down. It’s typically back up and running in a day or two,” Kruszewski-Warner says, adding that she believes the local access providers are more responsive to Virtela when outages occur. “I don’t think they would respond to us in a timely manner because we’d be such a small customer.”


Kruszewski-Warner says she’s happy with Virtela’s service; in fact, she recently extended her contract with the service provider for another four years. However, she would like to see local DSL and cable providers offer enterprise-class service-level agreements (SLA) that include guaranteed install times and faster response to outages.

“I’d like to have known installation times. It’s hard because we lease offices, and sometimes an office will tell us just two weeks before they are moving,” she says. “We don’t really have SLAs either because the broadband service providers don’t offer them.”

She says she’d also like to see the prices for business-class DSL services drop. KidsPeace pays $200 to $300 per month, per location, for broadband services.

“I could go to Verizon and get it for $14.95 per month,” Kruszewski-Warner says. “But Virtela is providing the equipment and the management of this network. Our office thinks it’s really expensive, but they don’t see all of the expenses that I would have to spend in terms of hiring people and buying equipment that now I get from Virtela.”

Improved reliability from the local broadband providers would be nice, too. KidsPeace has replaced all the PCs at its remote locations with thin clients that are easy for staff to use. However, employees can’t access their e-mail, human resources, payroll or patient account systems if their network connections go down.

“Unless you have a large IT staff, you need to outsource broadband services,” Kruszewski-Warner advises.

KidsPeace  is  not  alone.  Retail 
outlets  such  as  HandiMart  Food 
Stores  and  Shell  gasoline  stations 
are  moving  to  outsourced  DSL 
services,  as  are  financial  services 
and  insurance  companies  with 
many  small,  branch  offices  such 
as  GAB  Robins  North  America. 

Some U.S.-based multinationals are turning to DSL to replace more expensive T-1 or slower dial-up connections overseas. Pitney Bowes uses managed DSL services for an IP VPN in Australia, China, Hong Kong, Japan, South Korea and Thailand that replaced dial-up services.

Some  of  these  companies  use 
DSL  for  all  of  their  access,  while 
others  use  it  as  a  backup. 

“Everyone is getting rid of low-speed frame relay services,” says Jeff Phillips, vice president of product marketing at Virtela. “Typically companies are buying MPLS and using DSL as backup for offices with up to 15 to 20 people. ... They’re getting rid of dial-up for backup.”

Sal Cinquegrani, executive director for communications at New Edge Networks, says it’s hard for network managers to oversee DSL services nationwide or overseas as so many carriers are involved.

“It’s very difficult to provide a single-source solution everywhere that a company has employees,” Cinquegrani says. “There are different flavors of DSL. In some areas, DSL is not available. The merger between New Edge and Earthlink brings us much closer to providing a solution that’s going to be valuable and acceptable to many large companies.”

For example, New Edge built a network for Sbarro using DSL connections to link its headquarters in Melville, N.Y., with each of its 400 locations nationwide. The DSL connections replaced dial-up telephone lines. New Edge provides network management and reporting services to Sbarro.

On the horizon are better SLAs and improved QoS for business-class broadband services.

“DSL has been a best-effort kind of capability. What buyers want is some quality of service, especially if they are running voice or video. That’s one of the biggest trends on the performance side,” Phillips says. ■


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Ping  broadening  scope  of  identity  wares 


BY  JOHN  FONTANA 

Ping Identity this week is expected to add support for additional identity protocols to its software and introduce a new middleware product to tie Web-based applications into corporate authentication deployments.

The two pieces of authentication software are designed to help users integrate their identity infrastructures with those of partners and make it easier to support many forms of authentication, including two-factor authentication that is becoming a requirement for the online banking industry.

With the introduction of PingFederate 4.0, the company is adding support for Versions 1.0 and 1.1 of the Security Assertion Markup Language (SAML), a standard for exchanging authentication and authorization information. PingFederate already supports SAML 2.0. Ping also is adding support for WS-Federation, which was developed by IBM and Microsoft, and is supported in Microsoft’s Active Directory Federation Services technology that shipped with Windows Server 2003 Release 2 and IBM’s Tivoli Federated Identity Manager.

In July, Ping plans to ship PingLogin, Java-based middleware that helps companies tie their consumer-based Web applications into their overall authentication, single sign-on and identity federation infrastructure. The software centralizes the use and management of many forms of authentication, including biometrics and one-time passwords. Instead of building authentication per application, users can rely on PingLogin as a hub that provides access control.


Users already plan to roll out PingFederate 4.0 and its expanded protocol support to broaden their ability to integrate with partners and customers.

“Our situation is that we have to be as standards compliant as possible,” says Terry Field, manager of software development for Infohrm, a provider of online human resources applications in Australia. Field says because Infohrm is a small firm serving a number of very large companies, it cannot dictate what identity federation technology they use. “The advantage of using a tool like PingFederate is that it reduces the barrier to usage, it drives up the usability of our tool,” he says. Field says he chose Ping over about a dozen other vendors because it required little code change to integrate the technology into its application.

Besides expanded protocol support, PingFederate 4.0 offers a configuration wizard based on the protocols deployed, delegated administration based on a set of four user roles, logging and auditing of administrative actions, and an upgrade engine. Ping competes with IBM, Microsoft, HP, Novell, Sun, Oracle, RSA Security and others.

PingFederate 4.0 is free for the first six months or 100,000 “identity transactions,” which are the equivalent of SAML assertion exchanges. After that, users will pay a yearly subscription fee, which is $10,000 per 1 million transactions or $30,000 for unlimited transactions for a year including support and maintenance. PingLogin also is free for the first six months or 100,000 transactions. After that, the software is $100,000 per server with a limit of two CPUs. ■


Imperva  appliance  tracks 
who  accesses  database 


BY  TIM  GREENE 

Web application firewall vendor Imperva is introducing an appliance to help businesses meet strict auditing requirements by figuring out who accesses database information that must be kept confidential.

Called SecureSphere Database Monitoring Gateway, the device logs which users have accessed sensitive data.

This is a step up from monitoring devices that track which applications pull data from databases rather than the individuals who put in the requests, according to Andrew Jaquith, an analyst with the Yankee Group.

To improve performance of applications that tap databases, typically user requests are pooled, so the record of where database queries come from specifies only the application, says Rich Mogull, an analyst with Gartner. There are no regulations that require more specific tracking, but Imperva’s approach could be helpful to auditors assessing how well businesses protect their data, Mogull says. Other vendors, including Lumigent and Embarcadero, monitor which applications access data but not which users, he says, adding that he has heard others are working on it.

Imperva’s gateway monitors user interactions with Web applications and the Web applications’ interactions with databases. Correlating data about which users were logged on to applications at specific times, comparing that with what queries the applications generated and when, the Imperva gateway can determine which users generated specific requests.


The devices can deduce 80% to 90% of the time which user accessed particular data, the company says. Other devices can figure out which application has accessed data but not the user who generated the request via the applications. In cases with many users logged on accessing the same data, it may be impossible to figure out which users generated which queries. Applications could be written to require identification of users gaining access via pooled connections, but that is not standard practice, Mogull says.
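The time-window correlation described above, and the ambiguity that arises when several users are active at once, shown as an added sketch that is not Imperva's code or algorithm. The log formats, the 500 ms window and the monitored column names are assumptions, and all log lines are constructed.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumptions for this sketch (not from any vendor): the monitored columns,
# the maximum delay between a web request and the query it triggers,
# and both log formats. All log lines below are constructed.
SENSITIVE_COLUMNS = {"ssn", "card_number"}
WINDOW = timedelta(milliseconds=500)

# Web tier: timestamp, authenticated user, application, request.
WEB_LOG = """\
10:00:00.100 alice hr_portal GET /employee/17
10:00:00.900 bob   hr_portal GET /employee/22
10:00:01.000 carol hr_portal GET /employee/22
10:00:05.000 dave  billing   GET /invoice/9
"""

# Database tier: the pooled connection exposes only the application account.
DB_LOG = """\
10:00:00.180 hr_portal SELECT name, ssn FROM employees WHERE id = 17
10:00:01.050 hr_portal SELECT name, ssn FROM employees WHERE id = 22
10:00:05.040 billing SELECT total FROM invoices WHERE id = 9
10:00:09.000 billing SELECT card_number FROM payments WHERE id = 3
"""


@dataclass(frozen=True)
class WebRequest:
    ts: datetime
    user: str
    app: str


@dataclass(frozen=True)
class DbQuery:
    ts: datetime
    app: str
    sql: str


def parse_ts(text):
    return datetime.strptime(text, "%H:%M:%S.%f")


def parse_web(log):
    requests = []
    for line in log.splitlines():
        if line.strip():
            ts, user, app = line.split()[:3]
            requests.append(WebRequest(parse_ts(ts), user, app))
    return requests


def parse_db(log):
    queries = []
    for line in log.splitlines():
        if line.strip():
            ts, app, sql = line.split(None, 2)
            queries.append(DbQuery(parse_ts(ts), app, sql))
    return queries


def sensitive_columns(sql):
    """Return the monitored column names that appear as tokens in the SQL."""
    tokens = set(re.findall(r"[a-z_]+", sql.lower()))
    return sorted(SENSITIVE_COLUMNS & tokens)


def attribute(queries, requests, window=WINDOW):
    """Attribute each sensitive query to the users active just before it."""
    findings = []
    for q in queries:
        cols = sensitive_columns(q.sql)
        if not cols:
            continue  # only monitored fields are audited
        # Candidate users: same application, request at most `window` earlier.
        users = sorted({r.user for r in requests
                        if r.app == q.app
                        and timedelta(0) <= q.ts - r.ts <= window})
        if len(users) == 1:
            verdict = "attributed"
        elif users:
            verdict = "ambiguous"      # several users active: cannot separate
        else:
            verdict = "unattributed"   # no matching web activity seen
        findings.append({"time": q.ts.strftime("%H:%M:%S.%f")[:-3],
                         "app": q.app, "columns": cols,
                         "users": users, "verdict": verdict})
    return findings


def attribution_rate(findings):
    """Fraction of audited queries tied to exactly one user."""
    if not findings:
        return 0.0
    return sum(f["verdict"] == "attributed" for f in findings) / len(findings)


if __name__ == "__main__":
    for finding in attribute(parse_db(DB_LOG), parse_web(WEB_LOG)):
        print(finding)
```

Ambiguous and unattributed findings are the ones an auditor has to resolve by other means, for example by having the application pass the end user's identity along with each pooled query.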

The gateways are attached to span ports on switches that handle traffic in and out of data centers, so they do not disrupt the flow of traffic.

This configuration also lets a single network group control the device, so if a company has a compliance department, the device could have its own compliance administrator take care of it without involving, say, the network or security groups. The devices can be set to monitor specified fields within databases that contain sensitive data such as Social Security numbers and credit card information.

The monitoring gateway also is available as software that can be loaded on multifunction security devices made by Crossbeam.

SecureSphere Database Monitoring Gateway comes in three versions, the G4 with 0.5Gbps throughput for $35,000; the G8 with 1Gbps throughput for $70,000; and the G16 with 2Gbps throughput for $140,000. They are scheduled to be available June 19. ■


The Imperva family of SecureSphere Database Monitoring Gateways tracks who accesses sensitive data.


PGP,  RSA  announce 
encryption  initiatives 

BY  ELLEN  MESSMER 

This  week  a  pair  of  encryption  vendors  are  expected  to  disclose  new 
undertakings,  with  PGP  announcing  a  product  called  NetShare  and 
RSA  Security  kicking  off  a  standards  effort  as  well  as  a  partnership  with 
Protegrity 

NetShare is a file-encryption product that will work by limiting access to content except by authorized users equipped with a designated public key. Expected to ship this fall, NetShare is intended to ensure that content remains encrypted when saved to a NetShare-protected folder, stored on a server or archived. NetShare competes against products from Decru, NeoScale and Vormetric.

“Each time, the file is signed by the last person who changed it,” says Andrew Krcik, vice president of marketing at PGP.

The product, which includes desktop software and the PGP Encryption Platform management console, can be synchronized with Lightweight Directory Access Protocol-based directories, including Microsoft’s Active Directory, to administer access rights to encrypted files. File encryption and decryption is carried out transparently to users. Files and folders have an associated access control list, so unauthorized users who gain access view only scrambled ciphertext.

While NetShare keeps data encrypted at rest, it can’t prevent authorized users from copying or otherwise reproducing data once it has been decrypted. NetShare is priced at $149 per desktop and is expected to enter beta by the end of this month.

RSA this week is expected to embark on its data-protection strategy to make its encryption interfaces openly available and eventually standardized.

“We’re going to be going to the IETF with standardized interfaces for certain key management functions, such as key retrieval and provisioning,” says Chris Parkerman, senior product marketing manager.

As  part  of  this  strategy,  RSA  intends  to  expand  use  of  its  Key  Manager 
product  for  centralizing  management  of  private  keys  used  in  enterprise 
applications  so  third-party  products  can  easily  use  it. 

The  first  industry  partner  to  work  with  RSA  in  this  fashion  is  Protegrity, 
a  security  firm  whose  products  include  Defiance  DPS. 

According to Gordon Rapkin, Protegrity’s president and CEO, the firm intends to develop a database-security product integrated with Key Manager that should be available by year-end. ■
Longhorn

continued from page 1

authentication API set from Windows Vista beta releases (see related story at www.nwdocfinder.com/3731).

This combination of client and server-side security alterations may require those using third-party sign-on mechanisms to rethink their authentication schemes or wait for vendor plug-in modules to arrive before upgrading to this next-generation server software. Because no third-party tools are available, we had only Microsoft’s Windows (XP and Vista Beta) clients to test these new security parameters against.

Longhorn implements a hierarchical security scheme similar to Unix operating systems. Core system functions such as printing are now given role-based system accessibility similar to the Unix system user “wheel” in BSD and Linux — a condition that gives users or application software diminished capacity to infect or manipulate processes running in the server. If users lack the administrative password for their machines, the hierarchical authentication system should prevent many types of viruses and Trojans that need privileged-user status to install.

We tested a common virus and Trojans courtesy of BitDefender against Longhorn. The operating system asked for administrative passwords before letting them run or refused to install them at all.

It’s not a perfect implementation, as it’s unable to recognize the difference between “legitimate” and “evil” applications, instead barring installation based on behavior and user permissions. Users can still blithely offer a password, thinking that an installation is legitimate. However, it is a vast improvement over how previous Windows Server editions handed over seemingly easy access to “root” privilege.

Longhorn also can prevent hardware devices from being installed ad hoc, reducing the risk associated with data theft or blocking alternate undesired network paths. A group-policy method allows groups, users or specific computers to be prevented from installing drivers needed to use all or specific devices. With this condition in place, hardware such as USB flash drives, wireless network cards or external CD/DVD drives are denied access to the Longhorn operating system. You can plug in a device, but the operating system prevents the installation, citing policy violation.

Under Longhorn’s optional Network Access Protection methodology, from the moment a device appears on a network the client is measured against an entire scheme of access control tests. If the client fails any of these, it’s quarantined or prevented from authenticating to the network.


Tracking Longhorn

July 2002: Microsoft begins positioning Longhorn as part of its .Net initiative with a server delivery date of early 2005.

November 2002: Longhorn Server version of the operating system cancelled; Longhorn now client-only release. Next release, code-named Blackcomb, will be server only in 2006.

March 2003: Longhorn Server realigned with client, which later is called Vista, and put back on the product road map with ship date in 2006; Blackcomb backed up into “future.”

Late 2003: Microsoft unveils Longhorn road map.

May 2004: Microsoft shifts official Longhorn Server release to 2007.

August 2004: Microsoft pulls unified file system from Longhorn plans in order to hit late 2006 target ship date.

May 2005: Department of Justice meets with developers to ensure Longhorn plans don't violate antitrust agreement.

August 2005: Microsoft releases Beta 1 code for Longhorn and Vista.

May 2006: Microsoft releases Beta 2 code for Longhorn and Vista.

First half of 2007: Longhorn Beta 3 expected to be released.


Sneak  peek  at  Exchange 


BY  JOHN  FONTANA 

Microsoft  last  week  said  Exchange  2007  will 
include  a  new  client-access  license  option  geared  to 
corporate  users  and  that  Beta  2  of  the  server  will 
include  new  e-mail  hygiene,  compliance,  replication 
and  data  protection  features. 

Microsoft  said  it  plans  to  ship  Beta  2  of  Exchange 
Server  2007  this  summer  with  final  release  slated  for 
late  2006  or  early  2007. 

“The future of Exchange is as a foundation component of this integrated unified communication services infrastructure we are building,” says Dave Thompson, corporate vice president of the Exchange group at Microsoft.

Microsoft is making these moves with some competitive prodding from longtime rival IBM/Lotus, which is crafting its own platform that integrates messaging, collaboration and real-time communications such as instant messaging.

Microsoft is likely to have a challenge converting users to Exchange 2007 when it is released, given that nearly a quarter of its user base migrated off Exchange 5.5 in the past year. Those users likely won’t be upgrading in the near future even if they have Software Assurance maintenance contracts that provide access to the Exchange 2007 upgrade.

However, Microsoft  last  fall  said  it  still  had  16%  of  its 
installed  base  on  Exchange  5.5,  a  group  that  would 
be  prime  candidates  for  an  upgrade  but  also  are 
being  tempted  by  IBM/Lotus,  open  source  e-mail 
vendors  and  others. 

Microsoft did not announce pricing for the new Exchange Enterprise client access license (CAL) but said it would include access to features such as unified messaging. Company officials said those features and services would be priced at 50% less than if bought separately.

The company said the price for the Exchange Standard CAL in Exchange 2007 would be unchanged from its current starting price of $67. The Standard CAL for Exchange 2007 includes better antispam, management and mobility features, according to Microsoft. It also has new encryption features for business-to-business messaging, cross-organization mailbox search and new mail flow rules.

In  addition  to  the  new  CAL,  Microsoft  introduced 
features  for  Beta  2  under  the  banner  of  Built-in 
Protection,  which  is  designed  to  ensure  e-mail  is  up 
and  running  and  secure.  ■ 


In Longhorn, a Network Policy Server is coupled with a built-in DHCP server. A Windows XP or Vista client, upon receiving an address, is asked to send system health information in the form of certificates to the server. The certificates give information about various states of the client machine. For example, they advise the server that the machine has up-to-date virus definitions or was booted with mandated files. These certificates are then weighed against a policy decision tree defined in the Longhorn server, and the client is granted the appropriate degree of network accessibility.

If a machine/user combination fails the certificate test, administrators can define whether the client is confined to a remediation virtual LAN (VLAN), where Web pages direct users to the resources they need (such as downloads of the latest mandated virus definitions), or detained in a “corralled” network space until a re-authentication can be made.
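The health check described above can be modeled as a small policy evaluator. This Python code is an added example, not Microsoft's implementation and not part of the original review; the claim names, age limits, outcome labels and the per-check actions are assumptions that mirror the article's description, and the sample statements are constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

# Outcome labels are hypothetical names for the three states the article describes.
FULL_ACCESS = "full-access"
REMEDIATION_VLAN = "remediation-vlan"
QUARANTINE = "quarantine"
SEVERITY = {FULL_ACCESS: 0, REMEDIATION_VLAN: 1, QUARANTINE: 2}


@dataclass(frozen=True)
class HealthStatement:
    """What a client reports after it receives its DHCP address (assumed fields)."""
    client: str
    issued_at: datetime
    signature_valid: bool  # result of verifying the statement, done elsewhere
    av_definitions_date: Optional[datetime] = None  # None: claim not reported
    booted_with_mandated_files: Optional[bool] = None


@dataclass(frozen=True)
class Policy:
    """Administrator-defined limits and the action taken when a check fails."""
    max_statement_age: timedelta = timedelta(minutes=10)
    max_av_age: timedelta = timedelta(days=3)
    on_fail: Dict[str, str] = field(default_factory=lambda: {
        "signature": QUARANTINE,         # cannot trust anything the client says
        "freshness": QUARANTINE,         # stale or post-dated: force re-authentication
        "av_definitions": REMEDIATION_VLAN,  # fixable by downloading definitions
        "boot_files": QUARANTINE,
    })


def failed_checks(stmt: HealthStatement, policy: Policy, now: datetime) -> List[str]:
    """Return the names of every check the statement fails."""
    if not stmt.signature_valid:
        # Do not read claims from a statement that did not verify.
        return ["signature"]
    failed = []
    age = now - stmt.issued_at
    if age < timedelta(0) or age > policy.max_statement_age:
        failed.append("freshness")
    # A missing claim counts as a failed claim (fail closed).
    if (stmt.av_definitions_date is None
            or now - stmt.av_definitions_date > policy.max_av_age):
        failed.append("av_definitions")
    if stmt.booted_with_mandated_files is not True:
        failed.append("boot_files")
    return failed


def evaluate(stmt: HealthStatement, policy: Policy,
             now: datetime) -> Tuple[str, List[str]]:
    """Apply the most restrictive action among the failed checks."""
    failed = failed_checks(stmt, policy, now)
    outcome = FULL_ACCESS
    for check in failed:
        action = policy.on_fail.get(check, QUARANTINE)  # unmapped check: fail closed
        if SEVERITY[action] > SEVERITY[outcome]:
            outcome = action
    return outcome, failed


# Constructed sample statements, evaluated against a fixed clock.
NOW = datetime(2006, 6, 5, 9, 0)
SAMPLES = [
    HealthStatement("healthy", NOW - timedelta(minutes=2), True,
                    NOW - timedelta(days=1), True),
    HealthStatement("old-av", NOW - timedelta(minutes=2), True,
                    NOW - timedelta(days=10), True),
    HealthStatement("no-boot-claim", NOW - timedelta(minutes=2), True,
                    NOW - timedelta(days=1), None),
    HealthStatement("replayed", NOW - timedelta(hours=2), True,
                    NOW - timedelta(days=1), True),
    HealthStatement("forged", NOW - timedelta(minutes=2), False,
                    NOW - timedelta(days=1), True),
]


def demo() -> Dict[str, str]:
    """Map each sample client to the network access it is granted."""
    policy = Policy()
    return {s.client: evaluate(s, policy, NOW)[0] for s in SAMPLES}


if __name__ == "__main__":
    for client, outcome in demo().items():
        print(f"{client:14s} -> {outcome}")
```

The split between remediation and quarantine is a policy choice in this model: only a failure the user can fix from the remediation VLAN lands there, and anything that undermines trust in the statement itself is held until re-authentication.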

Other  interesting  changes 

Longhorn has an entirely new TCP/IP stack that manages IPv4 and IPv6 services equally. We tested IPv6 support, and it works well, allowing full DNS and name resolution services as well as forward/backward conversion for existing IPv4 networks. Administration was simple, and dual IPv4/IPv6 traffic was handled equally well under moderate stress.

Managing Longhorn has become easier via Service Manager, an application that unites the jumble of administrative tools found in Win 2000 and 2003 Server editions. Comparable in functionality to open source-based LinuxConf and Yast2, Service Manager installs, removes and reports on server applications, and checks dependencies of other resources and services when adding, removing or changing what Microsoft calls roles. Server configuration has never been easier.

Terminal services also have been vastly improved and can be connected via a Remote Procedure Call or by an https:// page. It’s then possible to log on to one’s desktop or any of those provided by a terminal services server. We tested the updated terminal services via the Terminal Services Gateway, which authenticated us as users through the firewall and then linked us to a Remote Desktop Protocol services session. The session responsiveness of applications used under Terminal Services was very speedy and startlingly easy to configure compared with prior versions we’ve tested. Even USB devices are supported (or as defined by policy — not supported) so that local hardware resources can be virtualized into the Terminal Services session.

We tested the Longhorn build on 32- and 64-bit servers and noted that in our minimalist configurations, we couldn’t discern any real performance difference between the two. They were both slow, and we fully acknowledge that this is beta code and did not formally benchmark it. Help files are missing or are sparse. We found numerous instabilities for which we could not find answers.

However, with all that said, in the enormous amount of rewritten, revised and replaced code in Longhorn Beta 2, we found hope in what will be the next generation of Windows Server.

Henderson is managing director and Szenes is a security researcher at ExtremeLabs. Henderson can be reached at thenderson@extremelabs.com.
How  to  make  an  eco-friendly  data  center

•  Power  down:  Bring  in  new,  more  energy-efficient  servers. 

•  Consolidate:  Use  virtualization  to  put  more  workloads  on  single  servers,  reducing 
the  number  of  systems  you  need. 

•  Open  up:  Use  solar  tubes,  skylights  and  windows  to  bring  in  more  natural  light, 
rather  than  depending  on  artificial  sources. 

•  Recycle:  Find  good  recycling  programs  from  companies  such  as  HP  for  old
computer  equipment.

•  Support  green  business:  Look  for  service  providers  that  make  energy  conservation 
a  priority  such  as  these  Web  hosting  providers: 

Affordable  Internet  Services  Online:  www.aiso.net 
SustainableWebsites:  www.sustainablewebsites.com 
Locomotive  Media:  www.locomotivemedia.com 
Elfon:  www.elfon.com 
ecoSky:  www.ecosky.com 
ThinkHost:  www.thinkhost.com 


Green 

continued  from  page  1 

typical  hosting  service  provider. 

Instead of drawing energy from traditional power sources, AISO is one of a growing number of hosting firms that is thinking green when it comes to power consumption. And it’s one of just a very few that, despite running businesses that depend on always-on service, actually produces all the energy it needs on-site.

“We wanted to generate our own electricity and be more self-sufficient,” says Phil Nail, co-founder of AISO.

AISO launched in 1997 with the aim of moving to solar energy. “We watched the kind of equipment we put in to make sure we had the lowest power consumption possible,” Nail says.

In 2001, AISO invested $100,000 in the solar panels. Two huge arrays — which contain dozens of 2-foot-square solar panels and are each about 10 feet wide and 70 feet long — generate about 60 kilowatts of electricity per day, enough to power the company’s operations, Nail says. The energy from the solar panels is fed into battery banks, which then connect to servers and other equipment via an APC UPS system that keeps the energy supply steady.

At the same time, AISO is like most companies today in that it is always looking for ways to reduce energy consumption. It is migrating away from Intel servers and now 99% of its systems run on lower-power-consuming AMD Opteron processors, Nail says. An environmentally friendly cooling system draws in outside air once the exterior temperature drops below 60 degrees, and about a dozen solar tubes on the roof bring in sunlight to brighten the building during the day, reducing the need to power artificial lighting.

Nail estimates the company is saving about $3,000 per month in energy costs, compared with what it would be paying if it were receiving a monthly electric bill. In addition, the environmentally friendly business model is attracting new customers.

“It has really brought in a lot of new clientele that are environmentally conscious or their Web sites are,” Nail says. “Companies are looking for this type of thing.”

MacGillivray Freeman Films, for example, has long been committed to the environment, producing movies such as “Mystery of the Nile” and “The Living Sea” that aim to capture the preciousness of nature for giant Imax screens. MacGillivray Freeman Films first signed on with AISO in the late 1990s and was happy when the company made the shift to solar energy.

“Our company clearly has a mission to raise awareness of conservation issues in the world and having this Web site powered via solar power is something that we like and appreciate very much,” says Mike Lutz, director of distribution for MacGillivray Freeman Films in Laguna Beach, Calif.

While environmentally conscious enterprises have focused for years on efforts such as recycling to lessen business impacts on the environment, they now can show their commitment to nature by letting customers know that their Web sites are powered by renewable energy.

MacGillivray Freeman Films has an image of a solar panel at the bottom of its Web site and the words “Site hosted with 100% solar energy.”

“It’s absolutely something that we’re proud of,” Lutz says. “There are certainly a lot of other factors that we think about when looking for a Web host, but hearing about someone who has this type of program is pretty persuasive.”

That type of customer demand is what is fueling a growing industry. In addition to AISO, companies such as Sustainable Websites, ThinkHost, ecoSky and Elfon are committed to running hosting businesses on renewable energy.

These companies generate their own energy, purchase green energy from their power company or buy renewable energy certificates that offset the traditional energy they use by guaranteeing that an equivalent amount of renewable energy is kicked back into the power grid.

Larger players also are focusing on conservation issues. IBM, for example, earlier this month was recognized by the Environmental Protection Agency as one of its Climate Protection Award winners because of its use of renewable energy as well as other energy conservation efforts.

“Last December, IBM executed the fourth-largest corporate purchase of certified renewable energy certificates in the U.S.,” says Natalie Fine, an IBM spokeswoman.

While admirable, the purchase brought IBM’s total renewable energy portfolio to account for just 4% of its energy usage countrywide.

The move toward green hosting reflects a nationwide trend. More companies are concerned about their environmental bottom line. It’s no longer unabashedly green companies such as Ben & Jerry’s and Patagonia that are focused on environmental issues. Most large companies are publicizing conservation activities on their corporate Web sites. Last year, 1,500 companies — half of the Fortune 500 — issued sustainability reports, outlining their efforts to be good environmental stewards, according to Jacquelyn Ottman, founder of Ottman Consulting, a marketing company focused on helping organizations make their businesses more environmentally friendly.

“There are more and more companies that are trying to green their businesses. [Green hosting] makes sense for companies that are selling green products. It also makes sense for businesses that are trying to green their operations,” she says. “This is yet one more thing they can do.”

There may still be lingering concerns among IT managers about the reliability of servers powered by the wind or the sun. For his part, Lutz says his company hasn’t experienced any problems.

“In all the years that we have been solar powered we’ve never experienced any difficulties or troubles associated with [our hosting service],” he says.

That’s because while these green hosting providers are committed to powering their systems with renewable energy, just like their more traditional counterparts they’re also focused on meeting service levels. AISO, for example, has a natural gas-powered backup generator that’s set to kick on within a minute should there be any issues with power.

Read how a power system relies on flywheel technology rather than lead batteries. Page 23.

“There has to be backup power or the [service providers] are not going to meet their customers’ needs for reliable hosting. That’s the first thing they have to worry about because [the issue of reliability] is going to be the first concern or barrier that you have to get customers over,” Ottman says.

Once  customers  get  over  that 
hurdle,  it  still  comes  down  to 
quality  of  service. 

SustainableWebsites “knew what they were talking about with Web sites, so finding out that they are also green and run on [renewable energy], well, that was like icing on the cake,” says Lee Rodrigues, founder of Ethotec, an environmentally friendly IT consulting firm in Oakland, Calif.

For many Web hosting companies, building a business using renewable energy is more than just about tapping into a green customer base. It stems from a personal commitment to conservation.

Ivan Storck, president and founder of SustainableWebsites, says he has had an environmental focus for as long as he can remember. He launched a recycling program in his high school and helped raise money to purchase rain forest acres in the late 1980s. He majored in environmental studies in college. So when he launched his hosting business, it made sense to look for renewable energy resources, he says.

“I’ve been involved with environmental issues for a long time, so I wanted to figure out how I could offset the energy I use,” Storck says.

SustainableWebsites, a division of Sustainable Marketing, gets its electricity the traditional way, but purchases wind power through renewable energy certificates to ensure that its hosting business is “100% carbon neutral,” Storck says. ■


Execs  express
top  security 
concerns 

BY  MICHAEL  COONEY 

BOSTON  — When  it  comes  to  protecting 
corporate  assets  there  seems  to  be  little 
security  managers  don’t  worry  about. 

That was the impression of security executives attending the recent Converge ’06 conference — also known as security vendor Courion’s annual customer meeting.

A  survey  of  54  security  executives  done 
by  Courion  and  the  Executive  Alliance 
consultancy  and  released  at  the  event 
showed  the  top  security  concerns  are: 

•  Unauthorized  systems  access. 

•  Auditability/compliance. 

•  Customer  data  breaches. 

•  Sabotage  (internal  and  external). 

•  Theft  of  intellectual  property.

•  Cost  of  administration. 

Unauthorized network access from remote access or mobile workers is another chief concern.

“We need to get a better handle on teleworkers and remote access. My greatest concern going forward is the increased use of public airways for such access,” said Suzanne Hall, director of IT operations and security for AARP in Washington, D.C. AARP
See Courion, page 20


Short  Takes 


■ Fortinet last week introduced a 10Gbps security blade for screening high-volume traffic in large organizations. The FortiController 5208 blade can aggregate traffic from smaller Fortinet security blades for uplinks to 10Gbps backbones. The device supports a firewall, VPN, anti-virus, anti-spyware and intrusion-prevention software. The software is sold in modules so a blade can perform one or more functions, and those functions can be changed over time as needs change. It meets Advanced Telecom Computing Architecture standards, which means it works in chassis built by other vendors whose gear meets the standards. The 5208 is available in the second half of 2006 and costs $45,000.


Enterasys  CEO  takes  over


Most technology CEOs get excited about taking a company public; Enterasys’ new CEO Michael Fabiaschi sees going private as an equally interesting opportunity. Fabiaschi comes to Enterasys after private equity firm The Gores Group bought the vendor in 2005 and took it private. He recently sat down with Network World Senior Editor Phil Hochmuth to talk about his new job, and what’s next for the company that is the last vestige of Cabletron still in operation independently.

What  are  your  impressions  of  Enterasys  after  your  short  time  on  the  job 
as  CEO? 

One week into this, I’d say that I’m blown away by the technology, the intellectual property, the people. This company has been through some difficult times, and we’ve retained all of the things you have to retain: that is, we have great customer relationships, great people, and great products and a great road map. We have over 600 patents. I have this fundamental belief that sales is a process; it’s not a department. And that great companies basically treat sales as its own separate company and they treat every customer interaction as an opportunity to really make the customer feel special.

We have perhaps been a little more product-centric; now I want us to be more customer-centric. It’s one thing to have the product, but you have to make sure that people know how to market it. So they have to articulate why it’s different and better and explain to customers how to use our products and take advantage of them.

How is it different taking over a hardware-focused company, coming from the software world, where you were once CEO of Aprisma — Enterasys’ former management software arm — and most recently, a vice president at CA?

The thing about software, you really have no constraints. You can reinvent a software company, if you wanted to, and do something totally different tomorrow. Whereas in the hardware business, you’re basically tooled up — even if you do your own manufacturing. You gear your whole company around a certain product set. So you don’t have the flexibility to change your business priorities as much as you could in the software business. Having said that, the whole idea of selling solutions is almost identical. People don’t buy a networking solution today without knowing what the road map is. They don’t buy a switch from you today just based on what you have today. They want to know you’ll be around two years from now or four years from now. They want to have the kind of relationship with you where they give you input into your products going forward. So those things are all very similar. Those are things where Enterasys can really be different, as a smaller $350 million company; I can take the time to meet with people in customer meetings, with customers who are saying what they want to have.

Customers love to be sitting across from the CEO.

Read a longer version of the interview where Michael Fabiaschi explains where the company stands after the 2002 Securities and Exchange Commission investigations.

Is  there  an  advantage  to  being  a  privately  held  company? 

I’m really excited to be taking the company private. First, I go back with the Gores [Group] people a long way. I know how they work. I’m very excited that we’ve taken the company private, probably for three reasons. By going private, we can get off the quarter-to-quarter treadmill that public companies are on; we don’t have Sarbanes-Oxley stuff that causes us to do things that don’t necessarily add value to the business. And you can make decisions, long-term decisions that are in the best interest of the customers. You’re going to see a lot more companies going private in the next several years.

Is  there  a  downside  to  being  private? 

There really isn’t. The only thing is that a [customer] prospect may say to us that they’ve looked at the financials of our competitors, who are public, that they want to see our financials. Frankly, if anyone wants to see our financials, we’ll show them our financials [under a nondisclosure agreement].

Enterasys has been strong in vertical markets — education, healthcare, state/local government: at this point are you resigning to be a specialized network vendor catering to those markets, are you looking to expand?

We’re going to do both. We’re going to make sure that our higher education, state-and-local [government] and healthcare customers [are absolutely taken care of]. The thing about IT infrastructure, you can sell the same solutions to many different kinds of companies. ... We’re very applicable to a lot of markets. What we won’t let ourselves do is spread ourselves too thin. If we can enter another market with the same set of product functionality, we’ll do it. If we have to modify our product functionality to get into a new market, we’re not going to do it.

How much of your product features come from the vertical market customers you have? For example, Enterasys’ whole Secure Networks push seems to be borne out of higher education.

One thing I’ve learned is that an experience one organization has can certainly be spread to other organizations in the same industry. But it can be spread to other industries as well. There were security things that the higher-education users were experiencing before anyone else, [in terms of viruses and peer-to-peer]. We were seeing thought leadership really on the university side, really ahead of the enterprise on those issues. Then in government, the U.S. Army, a customer of ours, was experiencing a different kind of security threat — people randomly trying to barrage their networks and bring certain

See Fabiaschi, page 20

Corralling the zombies


SECURITY  INSIDER 

Mike  Rothman 


Zombies are the No. 1 problem facing network and security professionals today. No, this is not a bad horror movie. Basically, compromised consumer PCs provide the malicious engine behind every major attack we see today. Whether the attack vector is e-mail, instant messaging, DNS poisoning or denial of service, you can bet a zombie network is being used to launch the attack.

Aren’t zombies anonymous?

The analogy that I use to help folks understand zombies is the file-sharing networks used to pirate — I mean, share — music. Think about your old script kiddies that would do the dirty work themselves. With a good amount of detective work, you could figure out who they were and put an end to it. The hacker of yesterday was much like Napster, centralized and visible. Focus on shutting down the individual hackers, and the problem was controllable.

Then Kazaa happened. It made file sharing anonymous. There was no “villain” to go after, despite the music industry’s best efforts to prosecute someone. These compromised PCs have no idea they’ve even been compromised. Maybe their machine runs a bit slower, but most folks just keep going their merry way as their machines are systematically used to break the law. Now any and every device on the Internet is a potential attacker. That’s pretty scary, so what can we do about it?

The good news is that we are not as powerless as the music industry to stop the problem. We know what needs to be done, but it’s expensive and unpopular. You need to take the zombies off the network until the devices can be cleaned up. That’s right. Aunt Bessie needs to be put into the penalty box, because it’s her machine (unbeknownst to her, of course) that is behind the attacks.


The ISPs have to take a stand. They have to stop playing the ostrich game and pull their heads out of the sand. They have to publicly denounce zombies, and they have to be willing to take folks who don’t comply off their network. My $30 a month cash cow be damned — these folks have no right to continue accessing the networks using devices carrying the bubonic plague. Legally, ISPs have the power to do this through their usage policies. But to date, they have not wanted to.

Why? Doesn’t having 100,000 zombies streaming away on an ISP’s network wreak havoc on network engineering? Doesn’t it put all the other folks on the network at risk? Yes and yes, but it’s easier to solve the problem by throwing some more bandwidth, boxes and smart network architects at it. So the network providers have chosen not to deal with the problem, because it’s too hard.

I recently came across a company called Simplicita (www.simplicita.com) that attempts to fix the problem. These folks have a set of software servers that basically identify zombies based on behavior and then, using DNS, redirect the offenders to a remediation server to be fixed. It sounds pretty simple, no? Kind of like the endpoint control aspect of network access control, but for carriers.

That’s why I like Simplicita’s approach. It is, well, simple. Putting a box in front of each DNS server isn’t hard. And not having to do anything on the client end (they figure out who is bad based on what the devices are doing, not by scanning the machine) is a cleaner implementation. It also gives carriers additional revenue streams to maybe fix these machines as a value-add offering (or at least get some kickback, I mean referral fees, for pointing the customer toward someone who can help).

So what’s the catch? First, these guys are early. So it’s not clear that it works at ISP scale, especially the behavioral identification of zombies. The concept holds water, but until I see it in practice I’m skeptical. Second, the ISPs have to be willing to take irate calls from customers who cannot access the network. Depending on their answer, the customer may go to another provider, and ISPs need to be OK with that.

Finally, what Simplicita is doing is not really novel. That’s part of what I like about it. But without a significant technical barrier to entry, there will be lots of companies that spin existing technology to solve this problem. So the market will inevitably become crowded and confusing. Pretty much like every other security and networking market.

But  this  is  a  problem  that  must 
be  solved.  ISPs  are  the  only  folks 
in  a  position  to  do  anything  about 
it,  and  they  need  to  step  up.  At 
least  now  we  are  starting  to  see 
solutions  to  solving  the  problem. 

Rothman is president and principal analyst of Security Incite, an analyst firm focusing on information security. Read his blog at http://feeds.feedburner.com/securityinciterants or send e-mail to mike.rothman@securityincite.com.

has some 2,000 workers in 65 sites across the United States linked over a frame relay-based WAN in most cases. “One of the keys to our success is to mobilize our volunteers across the U.S. so we have tools in place to ensure these people can communicate is key. We use mostly SSL VPN technology and have had pretty good success with it.”

Hall said she was looking forward to Microsoft’s Vista operating system because Microsoft has said it will make it easier to add endpoint security, especially for mobile and remote access workers. “That is promising,” she said.

Remote-access security is a concern at Federal Mogul, a $6 billion auto parts company in Southfield, Mich. But it’s not the primary concern right now.

The company has embarked on a three-year journey to retire more than 40 ERP platforms it now supports and bring up eight instances of SAP software in its place.

It is also installing an identity-management system to help secure its entire operation. Adding to that, the company is in the process of standardizing on Microsoft products — everything from Active Directory to Exchange to SharePoint, with Courion’s provisioning suite (Dynamic Community), said Ryan Miller, director of global information assurance for Federal Mogul.

“It is a massive, complex undertaking,” Miller said. Identity management is a top priority for Federal Mogul as each employee now has on average seven passwords to gain access to various systems, and “I have over 12 passwords,” he added. The firm has 108 manufacturing sites and 42,000 employees spread over the United States and across the globe, including Asia, Africa, Europe and South America.

“We have no standard access methods nor unique employee identification methods, so that’s at the top of the list to be changed,” Miller said.

Despite the company’s extensive efforts, Miller is thinking about future security.

“Network access control, particularly Cisco’s [Network Admission Control] is intriguing to us, but our main question is, do we want to separate out network admission control with a separate system using something like Symantec’s tools or keep it in the network with Cisco. We haven’t made those decisions yet,” Miller said. Federal Mogul has a network made up of 10 or 11 vendors and includes everything from point-to-point frame relay connections to ISDN backup capabilities, Miller said.

Another issue on the horizon involves the factory floor. Miller said that from a manufacturing perspective all the equipment on the shop floors that used to be dumb is becoming more intelligent. “Everything has an operating system and is basically becoming an intelligent multifunction device. Those kinds of devices are rapidly becoming a concern where they weren’t in the past.” ■

Security issues

When asked what their top security-related priorities were in 2006, executives at 54 companies listed compliance/regulatory issues as their main concern. Here's the list:

E-mail security 4%
Access controls 4%
Auditing 5%
Training 7%
Mobile security
Risk management 11%

SOURCE: COURION/EXECUTIVE ALLIANCE


Fabiaschi

continued  from  page  19 
sites  down. 

There seems to be a gang evolving in the industry, comprising many of your competitors — Juniper, Extreme and Avaya in particular — with the goal of going after Cisco. Where does Enterasys fit into this, in terms of VoIP and other technology partnerships?

We’re  going  to  have  to  be  internally 
focused  for  the  next  four  to  six  months.  I 
want  to  be  the  absolute  best  vendor  in 
our  space  that  there  is,  with  regards  to 
every  aspect  of  the  customer  relationship. 
We’re  not  bad  today;  we’re  probably 
ahead  of  most  companies,  but  we’re  not 
where  I  want  us  to  be.  So  we’re  going  to 
fix  those  things  and  do  all  that. 

There is a federation of states, so to speak, that’s ganging up against Cisco. And frankly, it’s in the customers’ best interest. Cisco is a big dominating player in this space. Over time, it’s not in customers’ best interest to have just one big dominant vendor who can boss them around. So we will be looking to join a federation like that when it makes sense. Perhaps we’ll lead one, or maybe we’ll participate in one. It makes a lot of sense, and ultimately it’s going to be in the customers’ best interest. I applaud the fact that these things are happening. ■

UPS designed to help you go green

CoolAir  DC  power  system  relies  on  flywheel  technology  rather  than  lead  batteries. 


[Figure: Flywheel powered. Active Power's new CoolAir DC system supplies flywheel-generated power to the data center while cooling it, too. Callouts: Magnetic bearing integrated into field circuit; Armature protects assembly from vibration; Made of iron with no slots for low loss of energy, power; Field-replaceable bearing cartridge; Field coil controls output current; Flywheel motor-generator rotor; Enables high tip speed and high output power.]

BY  DENI  CONNOR 

Flywheel technology, found in everything from potter’s wheels to airplane altitude-control systems, has also found a home in UPS systems for data centers.

Active Power this week plans to introduce its latest UPS that relies on a flywheel-based energy-storage system. The company eschews the use of lead batteries in its CoolAir DC, which provides 85 kilowatts of power for as long as 15 minutes and is intended for power-backup applications in the 10 to 100kVA (kilovolt ampere) range found in small data centers.

What’s  more,  the  flywheel-based  device 
cools  the  data  center  as  it  powers  it. 

A flywheel consists of a heavy rotating disk; as its momentum increases, energy is stored as electricity. When power is disrupted, the inertia of the flywheel continues to generate electricity, which can be used to power the data center until a backup generator kicks in.

Starting at $29,000 ($8,000 leased for one year), a CoolAir DC costs roughly the same as a lead-acid battery model, Active Power says. While a conventional battery must be changed or recharged every three to four years, flywheels have a lifetime of about 20 years. During that time, the bearings that hold the flywheel in place need to be replaced.

Short Takes

■ Decru, a division of Network Appliance, is announcing a device that manages encryption keys within stored data. The Lifetime Key Management Appliance is based on Decru’s software-based key-management technology. Sixteen Lifetime Key Management Appliances can be clustered.

■ EVault has announced two services to help small and midsize businesses manage documents. The Electronic File Conversion Service converts a document collection into one electronic file type and lets customers review them in-house. The Online Review Service is a Web-based tool that can handle hundreds of millions of documents. The services start at $500 per gigabyte.

CoolAir DC is designed to work with a traditional UPS or with a backup generator.

“Lead-acid UPSs consume a lot of space in data centers and are sensitive to conditions prevailing in data centers, such as dust and temperature,” says Farah Saeed, an industry analyst for Frost & Sullivan. She says flywheel-based systems make up just a fraction of the multibillion-dollar UPS market. “They also generate a lot of heat, which causes degeneration of the UPS itself. On the other hand, flywheels can better handle voltage sags and surges and situations that could slowly drain the batteries of a traditional UPS.”

Freescale Semiconductor in Austin is among the companies that has installed Active Power flywheel-based UPS systems. A spokesman says the systems have proved effective and environmentally friendly.

“Active Power has played a successful role in helping us manage through power disturbances this past year which were caused by bad weather or power surges,” the spokesman says. “It has helped us avoid lost production time and lost product, thereby resulting in cost avoidance.”

Active Power, which started in 1992, competes with such companies as American Power Conversion and Emerson Network Power. The latter recently introduced a flywheel-based UPS that can support as much as 150kVA. ■


Linux comes to Sun SPARC servers

BY JENNIFER MEARS

Sun is officially giving customers a wider choice on its SPARC servers with the announcement that it will support Linux on its new multicore UltraSPARC T1 systems.

Sun has spent the last few years expanding customer choice with a growing portfolio of x86 systems that run Linux and Solaris. But the announcement last week that a Linux distribution would be serviced and supported on Sun’s SPARC platform is a first, industry experts say.

“The announcement is significant in that it shows Sun’s willingness to let users freely choose between Solaris and Linux instead of just having Solaris [on SPARC],” says RedMonk analyst Michael Cote.

Sun joined Canonical, the company that distributes Ubuntu Linux, in announcing that the next release of Ubuntu would support Sun’s T1000 and T2000 servers.

The servers are built on Sun’s new UltraSPARC T1 chip, which includes eight processing cores on a single piece of silicon and can handle as many as 32 application instructions at a single time. The architecture is perfect for jobs such as Web serving or application serving, in which dozens of software threads run simultaneously, areas where Linux has become well-established, says Mark Shuttleworth, founder of Canonical.

“The pricing of these [T1] systems is in line with the prices of servers people would look at for deploying Linux,” Shuttleworth says. “We think people will be excited about having the ability to deploy Linux on this new kind of architecture.”

The Sun Fire T1000 starts at just less than $3,000 and the Sun Fire T2000 starts at about $7,800.

Ubuntu is best known on the desktop, where it has gained widespread adoption because of its ease of use, analysts say. Ubuntu 6.06 LTS [Long Term Support] is expected to be released early this month and will include the first “enterprise-focused” product for the data center.

Ubuntu 6.06 LTS includes five years of support on the server, and Canonical offers technical support for SPARC deployments for $700 per year. Ubuntu 6.06 LTS also supports Xeon-, Opteron- and PowerPC-based systems.

Ubuntu was ported to the SPARC platform via Sun’s OpenSPARC initiative, which gives developers access to the UltraSPARC T1 specifications. Sun released the processor’s specifications in February, saying it wanted to make it easier to port Linux and other operating systems, as well as applications and middleware, to the platform to drive greater interest in the new servers. ■


Supply execs share disaster strategies


BY ANN BEDNARZ

CHICAGO — Without warning, a supply-chain executive from Wal-Mart told his operations and administrative staff to pretend that a particular distribution facility had burned to the ground. They had until the end of the day to figure out how to service Wal-Mart’s stores without depending on the impaired facility or its displaced staff.

Such training exercises help Wal-Mart make sure its supply-chain operations stay flexible, says Gary Maxwell, a senior vice president in the Bentonville, Ark., company’s replenishment division. Maxwell took part in a panel of supply-chain experts at the Retail Systems show held in Chicago last month.

Coping with supply-chain disruptions is a challenge for many companies, says Andrew White, a research director at Gartner and moderator of the panel. As retailers and manufacturers continue to trim the fat from supply operations and tie investments more closely to demand, it becomes harder to maintain a resilient supply chain. “When you become so lean, the supply chain is very fragile,” White says.

IT systems can help. For example, RFID technology can make staff more aware of events and conditions in the supply chain, White says. The ability to collaborate with trading partners also is a key discipline.

For Procter & Gamble (P&G), a well-tuned business-continuity plan was critical to recovering after Hurricane Katrina swept through the Gulf Coast last August and left the company’s Folgers coffee-making facilities submerged. “It took our entire production facility offline,” says Jake Barr, an associate director of supply network operations at P&G.

The company’s first priority was its workers. Locating staff was a huge job, Barr said.

See Disaster, page 26


Short Takes

■ Salesforce.com, which offers enterprise applications as online services, and JotSpot, which develops wiki applications, last week announced a partnership to deliver a suite of collaborative services. The JotSpot Tracker, which lets users share Excel spreadsheets using only a Web browser, will be available as an on-demand application via Salesforce.com's AppExchange. Users will be able to incorporate the Tracker into Salesforce.com deployments. Today, users must exit Salesforce.com's CRM application to work with spreadsheets for project schedules and contact lists. JotSpot Tracker for salesforce.com is priced at $10 per user.

■ TeaLeaf last week announced revamped Web-based application performance-management software that aims to let customers more easily fix problems with Web applications. TeaLeaf CX generates alerts based on specified events, correlates captured data and provides detailed reporting. A viewer component replays user sessions, letting customers reproduce problems that then can be fixed. Set to be available at the end of June, an average implementation starts at about $80,000.


Jabber adds IM, directory integration

JabberNow 1.1 aims to integrate Google and AOL and aid interoperability with Microsoft’s Active Directory.

BY JOHN FONTANA

Instant messaging vendor Jabber has released the next version of its IM appliance with a focus on interoperating with corporate directories and consumer services.

JabberNow 1.1 is designed to help customers integrate their deployments of IM with consumer services from Google and AOL. The appliance includes an add-on for integrating JabberNow with user information stored in Active Directory. Jabber also has added more sophisticated archiving features to help users meet compliance requirements.

“Interoperability capabilities are becoming much more critical [for IM],” says Michael Osterman, president of Osterman Research. “If you look at the way IM is used now, it is useful for intracompany business, but increasingly it is going to become key for talking to people outside the company.”

Osterman says AOL has done a good job federating its IM service. He says users with AOL Messenger can now talk to about 75% of IM users in the workplace. AOL has struck deals with Jabber, Microsoft and others using its AOL Federation Gateway.

Gateways now support interoperability between such services as Yahoo, AOL and MSN and corporate systems, such as Lotus Sametime, Microsoft Live Communications Server, Antepo, Jabber and WiredRed.

The hope is for such standards as Session Initiation Protocol for Instant Messaging and Presence Leveraging Extensions (SIMPLE) and XMPP to provide that interoperability. A recent study by Osterman Research showed that half of corporate IM users would prefer a standard to support interoperability, but they are willing to accept the gateway, or federation, approach as an interim step.

Jabber is adding GoogleTalk directly into JabberNow, which first shipped last September and features a quick setup model. Jabber and Google support the Extensible Messaging and Presence Protocol, and Google users with open source XMPP clients also can access Jabber IM features such as multiuser chat.

Interoperability with AOL is done through a software add-on to the JabberNow appliance that supports server-to-server communication. Users don’t get the depth of functionality Jabber offers on its platform, such as text conferencing, but connections with AOL users support presence information, IM and indicators when someone is typing. The names of Jabber users show up with a special icon in AOL buddy lists and vice versa, and Jabber users do not have to have AOL accounts to appear on AOL buddy lists.

Jabber also offers an add-on to integrate JabberNow with Active Directory. The integration adds a button to the Jabber client that lets users search the directory to find other users, who then can be invited into chat sessions or added to buddy lists.

The Active Directory add-on and the add-on to support AOL integration are loaded into the appliance using a Web-based administrative console.

Jabber also has developed a third add-on that is focused on archiving and reporting. The Message Archiving Plug-in lets users store all messages in a local database and eventually export them for storage to an external database.

Jabber is targeting its appliance to support 500 or more users. Jabber’s XCP platform is targeted at larger, more sophisticated IM rollouts.

“With JabberNow we are looking at small-business knowledge workers and highly proprietary data-sharing workers, such as those at law firms or hedge funds,” says Dave Uhlir, vice president of marketing for Jabber.

JabberNow 1.1 is priced at $2,500 for 25 users. The Active Directory add-on is $495 and the Message Archiving Plug-in is $999. The AOL add-on is free from Jabber but requires users to obtain a certificate from a trusted third party such as VeriSign to interact with AOL. ■


Who is going to watch the watchers?


NET  INSIDER 

Scott  Bradner 


If you are running a Windows computer and not using some sort of antivirus package, then you are likely not the one really running your computer. It is very likely that some hacker halfway around the world can do anything he wants to with “your” computer. In a Windows environment, running antivirus to protect the computer from worms and viruses is what is euphemistically called “a required option.” So what do you do when the very tool that is supposed to protect you from attacks turns out to be enabling them?

That is just what happened with two Symantec security products. On May 25, Symantec confirmed (www.nwdocfinder.com/3724) a report from eEye Digital Security that the Symantec Client Security and Symantec Anti-virus Corporate Edition products have a vulnerability that could “allow a remote or local attacker to execute arbitrary code with System level rights” (www.nwdocfinder.com/3725).

Symantec published a patch within a few days, far faster than Microsoft will get around to patching a Word vulnerability that was announced about the same time. (Microsoft almost always waits until its regularly scheduled monthly patch date to issue patches even if its customers are getting hurt by a vulnerability. Symantec, and many other vendors, do not show such a callous disregard for the safety of their customers.)

It  makes  a  lot  of  sense  for  the 
bad  guys  to  target  an  antivirus 
package,  considering  the  almost 
ubiquitous  deployment  from 
such  a  few  players.  A  successful 
exploit  will  leave  a  lot  of  systems 
ripe  for  the  picking. 

This episode brings up the age-old question in the security field: “Who will watch the watchers?” In this case it was an independent security company, one that has gotten rather good at ferreting out these sorts of things, but we cannot depend on having such a resource in all cases.

The same question pops to mind when reading the headlines of the past few weeks about the National Security Agency (NSA) and the secret equipment rooms in AT&T data centers (www.nwdocfinder.com/3726). Who is going to make sure that the NSA is actually doing only what it almost says it is doing? I say “almost,” because the information that the Bush administration lets out is far from precise about the NSA effort in this case as well as in the case of looking for calling patterns (or whatever they are doing) with all the calling records some of the phone companies so kindly gave them.

Security expert Bruce Schneier explored this area in a very insightful May 18 column in Wired (www.nwdocfinder.com/3727). The big-brother style communications world being brought to us by governments in the name of protecting us from terrorists or protecting children from the evils of the Internet is a world that would have been seen by the old East German Stasi as close to the ideal. Tie this world to the Internet from, for and by the phone companies, as the FCC seems to want, and you wind up with a nightmare.

Disclaimer: “Harvard” and “nightmare” are related concepts in a few people’s minds, but the university did not express an opinion on watching watchers. I did.

Bradner  is  a  consultant  with 
Harvard  University's  University 
Information  Systems.  He  can  be 
reached  at  sob@sobco.com. 


Improving visibility

IT systems that can provide increased visibility into supply-chain conditions are a priority for CIOs, according to the Retail Technology Study conducted by Gartner and RIS News.

[Chart legend: Up-to-date technology in place; Major technology upgrade in progress; Will start technology upgrade this year; Will start technology upgrade within two years]
Disaster

continued  from  page  25 

To help its displaced workers, P&G set up Gentilly Village, a temporary housing facility on the Folgers plant site that accommodates 500 families and is still in use.

Meanwhile, available P&G employees and contractors took steps to repair and restart the Folgers plant and manage retailers’ coffee supply — when Katrina hit, it affected 40% of coffee consumption in North America, Barr says.

Despite all the hurdles, P&G managed to reopen its Folgers plant on Sept. 19, just three weeks after Katrina hit. By Sept. 23, P&G had resumed more than 85% of its coffee production using third-party sources and alternate P&G sites. By November, the company had its coffee production and roasting facilities running at full capacity.

Having detailed, up-to-date contingency plans allowed P&G to bring its plant back online quickly, Barr said. There was no time to make plans with the hurricane swirling offshore; they had to already be in place.

P&G’s  plans  included  a  fresh-water  source 
and  secondary  suppliers  for  items  such  as 
packing  materials.  The  company  also  had 
design  images  and  digital  photos  of  every 
part  of  its  operations.  In  the  weeks  leading 
up  to  Hurricane  Katrina,  P&G  had  refreshed 
its  disaster-recovery  plans,  which  it  does  on 
a  regular  basis  so  the  data  stays  current, 
Barr  said. 

Barr recommends continual testing of backup systems and processes as a part of normal supply-chain operations. “Preparing for chaos is an everyday job,” he said.

Other users agreed that flexibility is critical to recovering from a supply-chain disruption.

Staffing flexibility, for example, helped P&G get its Folgers business operational after Katrina hit. P&G maintains similar operational processes throughout its myriad divisions, which meant that managers from other P&G business lines could step in and help with coffee operations without needing product-specific training, Barr says.

Distribution flexibility also is critical to supply-chain agility. Wal-Mart used to have different distribution networks for particular categories, such as general merchandise or dry grocery goods. “Traditionally we had a very category-focused network,” Maxwell says. “There wasn’t a lot of flexibility. A particular item had to be run through a particular network.”

Today Wal-Mart’s warehouses are more flexible and can handle multiple types of items, he says.

That’s  the  sort  of  flexibility  SYSCO,  a  food 
service  distributor,  is  looking  to  implement. 
The  Houston  company  provides  meals  to 
restaurants,  hotels,  schools,  hospitals  and 
retirement  homes. 

“Historically we’ve been a very distributed company,” says Masao Nishi, vice president of supply chain management at SYSCO. It has 70 logistics managers who manage the transportation of goods from SYSCO’s suppliers to its 70 U.S. operating companies, for example.

Nishi is helping the company make the transition from running dozens of small supply-chain networks to one large network that takes advantage of some economies of scale. With respect to the supply chain, the plan is for SYSCO to act like one large company, not 70 smaller companies, Nishi said.

When the transition is complete, the majority of supply-chain activities will be run from Houston, supported by regional operations and distribution centers. There are a lot of benefits to centralization, but there’s also increased risk, Nishi says. In the past, the effect of a supply-chain disruption was typically limited, because each SYSCO operating company ordered its supplies independently. “Now that we’re going to do it all in one place, we have to make sure that we’re able to handle what we need to manage throughout the country,” Nishi says.

SYSCO is about halfway through its centralization project, he says.
SERVICE PROVIDERS


■  THE  INTERNET  IVPNS  ■  INTEREXCHANGES  AND  LOCAL  CARRIERS  ■  WIRELESS  ■  REGULATORY  AFFAIRS  ■  CARRIER  INFRASTRUCTURE 

Tax abolished, but collection may linger

Companies could reap millions in refunds.

BY DENISE PAPPALARDO

The U.S. Treasury Department recently abolished an antiquated telecom tax law that stands to benefit all business and residential customers, but carriers are not talking about when the levy will disappear from your invoice.

While the government finally has decided to do away with the 3% tax on all long-distance calls, you can expect to see the charge continue at least through July 31.

It’s not surprising that the government finally capitulated, says Steve Shea, managing director at consulting firm TechCaliber. “This is a big [win] for business customers.”

Some customers could be looking at millions of dollars in refunds, according to Shea. Many business users started filing for refunds as long as three years ago, as the government debated this issue and it dragged through litigation.

But exactly when the item will be abolished from your invoice is another question. AT&T, Sprint and Verizon Business would not comment last week beyond saying they are evaluating the ruling and what impact it will have on their processes.

Predictably, customers are pleased.

“More money for businesses is obviously a good thing,” says Jason Hittleman, vice president of IS at RKA Petroleum in Romulus, Mich.

“It’s going to be a cash-flow adjustment for carriers. They have a certain amount of time before they have to remit those monies, which is the same for the fuel business,” he says. “It’s like a free miniloan. Readjusting for the lack of that money is probably a bigger adjustment than removing the charge from invoices.”

Big-name companies, including Ford and Office Max, have been fighting for years via litigation to have the tax abolished. The question now is whether customers need to wait for the carriers to follow through.

“If customers decided they were just not going to pay that amount on the invoice anymore, what’s to stop them,” asks Jermaine Mason, IT manager at Wilson Sporting Goods. “If the government has ruled it is to be removed, why should anyone continue to willingly pay it?”

The IRS will issue refunds for taxes paid over the past three years with their 2006 tax return filings.

“The most savvy enterprise customers have already filed their claims, but there are plenty who have not. They need to get that done now,” Shea says. He points out that those who have filed for refunds as long as six years ago could be looking at multimillion-dollar refunds as long as they’ve kept their claims up to date.

The Treasury says that because of the statute of limitations, refunds filed today can only cover the past three years.

Tax facts

The Federal Excise Tax was:
Established in 1898.
Purpose: to fund the Spanish-American War.
3% levy on local and long-distance calls.

And going forward:
Only the long-distance tax is abolished.
Repeal begins July 31.
Refunds expected for taxes paid in the past three years.


ADC acquires Andrew Corp.

BY JIM DUFFY

ADC last week announced that it will acquire Andrew Corp. in a $2 billion stock deal.

The combined company will meld ADC’s wireline products with Andrew’s wireless infrastructure portfolio to create a $3.3 billion company addressing next-generation broadband, video, data and voice opportunities. The combined company will offer equipment for carriers and enterprises spanning copper, coaxial, fiber, radio frequency, antennas, cable products, base station subsystems, in-building and distributed coverage, geolocation systems and satellite communications.

The combined customer base currently includes nearly all major wireline and wireless service providers in the world, as well as many of the world’s largest communications OEMs, and large corporate, government and education enterprises. It expects to employ 20,000 people.

ADC and Andrew have estimated that synergies will generate additional annual pretax earnings of $70 million to $80 million in the third year after closing the transaction, expected in four to six months.

The deal is structured as a stock-for-stock merger, with Andrew becoming a wholly owned subsidiary of ADC.

The combined company will be based at ADC’s headquarters in Minnesota with ADC’s John Blanchard continuing as nonexecutive chairman, and ADC’s Robert Switz continuing as its president and CEO. The board of directors of the combined company will have 12 members; eight will be current ADC directors, including Blanchard and Switz, and four will be current Andrew directors. The name of the combined company will be ADC Andrew.


EYE ON THE CARRIER

Johna Till Johnson

Half an unfair levy is better than one.

Great news! You probably heard that the 3% phone tax is finally history — sort of. I’m talking about the Federal Excise Tax, which was enacted in 1898 to pay for the Spanish-American War and has been charged to telecom users pretty much ever since (it was repealed from 1902 to 1914).

In September, I noted the Senate was reviewing proposals to eliminate the FET. As I wrote then: “As for the Spanish-American War: Hello, Washington, it ended in 1898. Let’s terminate its taxes, too.”

Now, it would be really nice if our elected representatives had heeded that call and made the sensible decision that the FET was a bad idea whose time had gone.

But no, that’s asking too much of the folks in Congress. We owe FET repeal to the courts, which ruled against the Internal Revenue System (IRS) in a series of lawsuits filed by enterprises including OfficeMax and Ford.

Amusingly, the Department of the Treasury, which oversees the IRS, recently lauded the ruling — which the IRS had appealed five separate times in federal courts. As Treasury Secretary John Snow said, “The government will finally abolish the outdated, antiquated tax that has survived a century beyond its original purpose, and by now should have been ancient history.” (Snow resigned last week.)

You heard that correctly: Despite having fought tooth and nail in the courts to keep the tax, the IRS is glad it lost the case and would like to take credit for the outcome. No word on whether the IRS is planning a refund to taxpayers on the legal fees it’s racked up.

The basic details: Starting July 31, phone companies can no longer charge the FET on long-distance calls and bundled services, and the IRS will be issuing refunds to individuals and businesses on all such taxes paid over the past three years, to the tune of approximately $13 billion.

To make sure your organization gets the refund, alert your accounting department to the change. Individuals should make sure to apply on their 2006 tax forms (the ones that are filed in 2007).

But here’s the kicker: The court ruling only applies to the FET levied on long-distance calls. FET is still collected on local calls — and if you’ve been paying attention to your phone bills lately, you’ll notice the local-access portion is a hefty chunk of change. The rationale? OfficeMax and the others didn’t contest the local portion of the FET. Because it wasn’t in contention, it remains.

You’d think Congress would act quickly to eradicate the other half of the FET. You’d be wrong. Congress has been trying to phase out the tax since the 1960s, but because it supplies some $4 billion per year to the federal coffers, our fearless legislators can’t seem to muster the backbone. So if you want to get rid of the other half of the FET, you’ll need to do what worked the first time: Bring on the lawyers.

Johnson is president and chief research officer at Nemertes Research, an independent technology research firm. She can be reached at Johna@nemertes.com.


6.5.06  •  www.networkworld.com  •  31 


TECHNOLOGY UPDATE

■ AN INSIDE LOOK AT TECHNOLOGIES AND STANDARDS


Devices speed CIFS WAN traffic


BY  AHMEET  DHILLON 

Common Internet File System is a remote file access protocol that forms the basis for Windows file sharing. CIFS performs poorly over high-latency WAN links because it’s chatty, meaning a large number of back-and-forth transactions are required to complete a request.

For example, to transfer a single 30MB file, CIFS would have to make hundreds of round trips between a client and a server. On a typical LAN this would take a few seconds, but on a 2Mbps WAN link with 300-millisec latency, it would take approximately 7.5 minutes. WAN acceleration appliances can solve the performance problem.

These devices are placed at both ends of a WAN link, such as in a data center and branch office. They speed application performance over a WAN, reducing transfer time by as much as two-thirds, to approximately 2.5 minutes for the 30MB file. Further, because the technology can predict client requests and prestage data local to the client, subsequent transfers of the same 30MB file would require only about 30 seconds.

CIFS defines a client and server: A CIFS client is used to access files on a CIFS server. For example, each time a user browses or accesses files on a Windows server using Windows Explorer, CIFS is used to transport information (files or directory information) between the client computer and the server it is accessing. In a single round trip between client and server, the CIFS protocol can transfer only 61KB of data. Each CIFS request requires a response before the next request is sent to the CIFS server. As latency increases, performance decreases.

HOW IT WORKS: WAN acceleration appliance

A WAN acceleration appliance reduces the latency experienced by a Common Internet File System client.

[Diagram labels: WAN accelerator appliance, WAN accelerator appliance, Server]

After a CIFS client opens a file and the server responds with a file ID, the client issues the first read request and the server responds with data.

The WAN acceleration appliances determine that the CIFS client is attempting a file download. The server-side appliance begins prefetching data by generating read requests locally to the server.

The prefetched data is sent to the client side of the WAN acceleration appliance and stored temporarily in anticipation of requests from the CIFS client. As the client requests the data, the WAN accelerator appliance sends the replies at LAN speeds, vastly improving performance.

A  WAN  acceleration  appliance  must 
incorporate  in-depth  knowledge  of  the 
CIFS  protocol  so  it  can  determine  when  a 
certain  CIFS  transaction  is  likely  to  occur 
and  then  act  on  behalf  of  both  client  and 
server  to  reduce  latency  on  the  client  side 
to  LAN-like  levels. 


It does this by prefetching data (for example, a file) and temporarily storing it in system memory for future reference. Once the prefetched data is referenced it is deleted from the memory. No file caching is involved; just transient storage of data to facilitate improved CIFS response time. This approach also eliminates security concerns because the appliance does not store prefetched data as a file and this data is erased from the appliance’s temporary memory if not accessed.

The sequence of events used by a WAN accelerator appliance for a CIFS file download (read) request is as follows:

•  CIFS client opens a file for reading.

•  CIFS server responds with a file ID.

•  CIFS client issues the first read request and CIFS server responds with data. This first transaction takes a relatively long time because the read request and response are bound by WAN latency.

•  Once the WAN application accelerator sees the initial transactions, it can determine if the CIFS client is attempting a file download. If it is, the WAN acceleration appliance on the server side begins prefetching data by generating read requests locally to the server. If this is a repeat transfer or if the file contains repeated data, then the WAN accelerator appliance on the server side will transfer only a small amount of data. This will further speed the CIFS transfer.

•  The prefetched data is sent to the client-side appliance and stored temporarily in anticipation of requests from the CIFS client. As the CIFS client requests the file data, instead of getting each 61KB from the server (and going across a high-latency WAN), it now gets the replies locally from the client-side appliance at LAN speeds. This will vastly improve CIFS download performance.
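A simplified timing model of the read sequence above, added here as an illustration and not taken from the article or from any vendor's product. The function names, the LAN figures (1-millisecond round trip, 100Mbps) and the choice to count only data reads are assumptions, so its unaccelerated figure is a lower bound rather than the article's estimate.

```python
"""Timing model for a CIFS file read over a WAN, with and without prefetching.

Assumptions (not from the article): only data reads are counted, each link is
a simple serial pipe, and the default LAN figures are illustrative.
"""

READ_SIZE = 61 * 1024  # bytes moved per CIFS round trip (figure from the article)


def chunk_sizes(file_bytes, read_size=READ_SIZE):
    """Split a file into the per-request read sizes a client would issue."""
    full, tail = divmod(file_bytes, read_size)
    return [read_size] * full + ([tail] if tail else [])


def serial_read_seconds(file_bytes, wan_rtt, wan_bps):
    """Unaccelerated: each read waits a full WAN round trip for its response
    before the next request can be sent."""
    total = 0.0
    for size in chunk_sizes(file_bytes):
        total += wan_rtt + size * 8 / wan_bps
    return total


def prefetch_read_seconds(file_bytes, wan_rtt, wan_bps,
                          lan_rtt=0.001, lan_bps=100e6):
    """Accelerated: the first read crosses the WAN; the server-side appliance
    then reads ahead and streams chunks back to back, and the client-side
    appliance answers each later read locally once the chunk has arrived."""
    one_way = wan_rtt / 2
    wan_free_at = one_way   # moment the first request reaches the server side
    client_time = 0.0       # moment the client finished its previous read
    for size in chunk_sizes(file_bytes):
        wan_free_at += size * 8 / wan_bps   # chunk serialized onto the WAN
        arrival = wan_free_at + one_way     # chunk buffered at the client side
        # A reply needs both the client's request (one LAN round trip after
        # its previous read) and the prefetched chunk to be present.
        ready = max(client_time + lan_rtt, arrival)
        client_time = ready + size * 8 / lan_bps
    return client_time


def compare(file_bytes, wan_rtt, wan_bps):
    """Return (reads, serial seconds, prefetch seconds) for one transfer."""
    return (len(chunk_sizes(file_bytes)),
            serial_read_seconds(file_bytes, wan_rtt, wan_bps),
            prefetch_read_seconds(file_bytes, wan_rtt, wan_bps))


if __name__ == "__main__":
    # The article's scenario: 30MB file, 2Mbps link, 300-millisecond latency.
    reads, serial, prefetch = compare(30 * 1024 * 1024, 0.300, 2e6)
    print(f"{reads} reads: serial {serial:.1f}s, prefetched {prefetch:.1f}s")
    # Same link with no latency: the two figures converge, which shows that
    # the gain comes from hiding round trips, not from extra bandwidth.
    _, serial0, prefetch0 = compare(30 * 1024 * 1024, 0.0, 2e6)
    print(f"zero latency: serial {serial0:.1f}s, prefetched {prefetch0:.1f}s")
```

In this model the accelerated transfer is bounded by link bandwidth alone, which is why prefetching removes the per-read latency cost but cannot go faster than the WAN pipe itself.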

Dhillon is director of product management at F5 Networks. He can be reached at a.dhillon@f5.com.


Ask Dr. Internet By Steve Blass


We’re starting a Java EE Web services project. Is NetBeans or Eclipse a better choice of integrated development environment (IDE) for such a project?

Both NetBeans and Eclipse IDE are usable for Java Enterprise Edition (EE) Web service development. You can download the NetBeans Java EE 5 Tools Bundle (at http://java.sun.com) and get the NetBeans IDE and the Sun Java System Application Server in one package. With Eclipse, you can download the Eclipse IDE installation bundle (at www.eclipse.org) and the Eclipse WebTools Project installation package. With either IDE you also need to install the Java Runtime or the Java Software Development Kit.

The NetBeans/Sun combination works well out of the box and lets you get started a little more quickly than the Eclipse/WebTools combination. Also consider which application server you will use in production. NetBeans is a better choice if you use the Sun application server in production, while Eclipse works better with WebSphere. Neither IDE has an advantage over the other when used with other application servers (in production, at least). NetBeans has a visual GUI builder in the base package download, while Eclipse users need to install the Visual Editor separately.

Try them both and pick the one you feel most comfortable with through the tutorials. Then join the great debate online once you’ve formed your own opinion.

Blass, a network architect at Change@Work in Houston, can be reached at dr.internet@changeatwork.com.
The quest for the Holy Remote


Unless you really planned your home theater setup, your collection of gear — your television, VCR, DVD player, amplifier and TV tuner — will usually come from a number of manufacturers. Herein lies the problem at the heart of this week’s episode of Gearhead. . . .

In the secret underground Gearhead testing bunker and day spa we have a hodgepodge of audio and video equipment. To turn on and adjust the TV display (a 5-year-old Fujitsu Plasmavision), we have one controller, a second for the JVC amplifier and video switch, a third for the Sony DVD player, a fourth for the Philips VCR and a fifth for the DirecTV tuner/digital video recorder.

None  of  these  remotes  can  control  all  the  devices,  and 
while  some  are  smart  enough  to  control  devices  other  than 
the  one  they  came  with,  no  single  combination  of  two  or 
three  remotes  seems  capable  of  controlling  everything. 

This plethora of plastic was not a hit with Mrs. Gearhead. Besides the fact that one or more of them was always lost between the cushions or stolen by one of the dogs, she realized there was only a one-in-five chance of picking up the remote she wanted. So this normally tolerant and understanding woman was driven to issue an ultimatum: “I want no more than two remotes, or else . . . .”

We have no idea what “or else” might be and not the slightest interest in finding out, so we began a mission: The Quest for the Holy Remote.

In the past we tried a couple of the “universal” remotes and the one that worked best was the now obsolete URC7800 Universal Remote Control manufactured by One For All (OFA). OFA now produces some much slicker universal remotes, such as the Kameleon range (www.nwdocfinder.com/3729).


OFA’s universal remotes and many similar products require you to look up and enter numeric codes to define the devices to be controlled. Getting a code sequence wrong (particularly after you’ve set up a macro to control a sequence of devices) can mean starting all over again.

Remembering that the 7800 seemed to have a bad memory and that it seemed to only partially handle the Fujitsu display, we went looking for a better solution.

Lo and behold, into our sweaty hands landed the Logitech Harmony 550 Advanced Universal Remote (www.docfinder.com/3730).

Unlike many other universal remotes, the Harmony 550 doesn’t have an overwhelming kaleidoscope of colored buttons. It has a satisfactory sleek design and weighs just enough to feel substantial.

The LCD display (which is backlit, as are the keys, in a pleasing muted blue) changes to dynamically label six surrounding buttons depending on what is being controlled.

What got us excited about the 550 is that it is a huge step forward in the quest for the Holy Remote: Once set up for your various pieces of equipment, it also provides one-touch “activities” such as “Play a DVD” or “Watch TiVo.”

But it is in the setup that the Harmony 550 really shines, because the device is USB enabled, and you program it via your PC. Your PC has to be connected to the Internet, because the management software that you install from the supplied CD downloads device configuration data from the Logitech Web site and then updates the remote.

The programming of the 550 is easy, if not always as logical as it might be. There are also occasional pauses while data is retrieved from the Web site but no indication that anything is happening, so you are occasionally fooled into thinking the software has died on you.

We went through the setup procedure defining our devices and enabled various activities. You can modify any or all settings for button functions and even add computers, home or office automation systems and any custom device that can be controlled by infrared signaling.

We  just  tried  it  out  and,  yep,  it  does  work  and  excellently 
so.  Now  for  the  biggest  test  of  all . . .  Mrs.  Gearhead. 

The  Logitech  Harmony  550  Advanced  Universal  Remote 
retails  for  $150. 

Are you in control? Tell us on Gibbsblog or at gearhead@gibbs.com.


GEARHEAD 
Quick takes on high-tech toys. Keith Shaw


We’ve  got  notebook  fever. 

The scoop: Dell Precision M90 laptop, starting at around $2,200.

What it is: A high-powered notebook for users who need power for
applications such as 3-D design, graphic arts or video editing/production. Fully
loaded, the M90 comes with an Intel Core Duo processor T2600 (2.16 GHz), an
Nvidia Quadro FX 2500M graphics card with 512MB of dedicated memory, 4GB of
RAM, a 5-in-1 memory card reader, six USB ports and a FireWire (IEEE 1394) port.
There also is an integrated Gigabit Ethernet port, along with built-in wireless with
support for 802.11a/b/g networks. The system is heavy — our test model weighed 9
pounds, and measured 15.5 inches, meaning our standard carrying case couldn’t
hold it.

Why it’s cool: For data-intensive applications such as video editing, “normal”
laptops are usually missing that fifth gear to make the user experience such that
you could ditch your desktop. The Precision M90 provides that extra gear for
those who need to edit video or work with drafting applications while on the
road. We’ve tried running our video editing application of choice, Adobe
Premiere, on other machines with poor results. The M90 nearly matched the
performance of our Dell desktop we use for video editing, which features dual
Xeon processors. The 17-inch WUXGA screen on the M90 was one of the
brightest we’ve seen.

A caveat: We wanted a hard drive option ... space.

Grade: ★★★★i (out of five)

The Dell Precision M90 laptop nearly matched the performance of our
Dell desktop for video editing.


The  Lenovo  N100  is 
targeted  at  SMBs. 


The scoop: Lenovo 3000 N100 notebook, from Lenovo, starting
at $700 ($1,300 for the model we tested).

What it is: The latest widescreen notebook from Lenovo,
the N100 models are aimed at small and midsize business
(SMB) users or those looking for a notebook to watch
movies and play games. The system includes an
Intel Core Duo processor T2400 (1.83 GHz), 512MB of system
memory (upgradeable to 2GB), an Nvidia GeForce Go 7300
graphics card, 100GB hard drive and integrated Ethernet and
V.92 modem ports. The system includes four USB 2.0 ports, a
four-pin IEEE 1394 port and a handy 4-in-1 media card reader,
among other interfaces. The 6.34-pound notebook included
integrated Bluetooth and 802.11a/b/g wireless connectivity.

Why  it’s  cool:  The  15.4-inch  widescreen  LCD  screen  blew 
us  away  —  the  company’s  VibrantView  feature  lets  light  pass 
through  with  minimal  diffusion.  While  intended  to  optimize  multimedia  and  high- 
end  graphics  and  video,  we  found  that  normal  Web  surfing  and  other  activities  with 
the  notebook  benefited  as  well. 

In addition, the integrated fingerprint sensor let us increase security by allowing
only registered users onto the system (it was easy to enroll fingers and log on). The
Lenovo Care application allows for easy access to maintenance and configuration
tasks, something SMB IT departments would appreciate.

Some caveats: While we usually appreciate bundled applications, we were turned
off by the inclusion of the Norton Internet Security bundle — while the software
aims to protect users from security threats, we were annoyed by constant alert
messages and settings that prevented us from connecting to our own network resources
(until we discovered the problem, we thought the notebook had a serious flaw).

Grade:  ★★★★ 

Shaw can be reached at kshaw@nww.com. Multimedia Editor Jason Meserve
(jmeserve@nww.com) conducted the testing of the Dell M90.


H-1B limits raised,
controversy ignited

You knew it was coming and you knew it would be
controversial. The U.S. Senate last week approved a
motion that would increase the number of H-1B visa
workers allowed in the United States at any one time from
65,000 to 115,000 and let it grow beyond that if the higher
threshold is met. It surely will be.

The H-1B provision was part of the immigration reform
bill that is generating so much controversy. It was sneaky of
the Senate to include the H-1B provision in the bill, in that
few were likely to pay attention given the bill’s overarching
goal. But that’s a story for another day.

Not surprisingly, Bill Gates, Microsoft’s chief software
architect, said in a statement that the Senate took a “critical
step forward in its important work to ensure that our
nation remains the global leader in technology innovation.”
Gates and leaders from other tech companies, such
as Intel, have for years called for a higher cap on H-1B
visas, arguing they cannot find enough U.S. workers with
tech skills.

Anecdotal evidence aside, that’s hard to imagine. “The real
H-1B program has more to do with providing companies
with cheap labor and little to do with making America
more competitive,” Ron Hira, vice president for career activities
at the Institute of Electrical and Electronics Engineers-USA
(IEEE-USA), recently told a House of Representatives
subcommittee. “The program is basically broken and can
be easily manipulated. Until it’s fixed, it makes no sense to
increase the cap.”

In 2005, the U.S. Office of Management and Budget said
the H-1B program is “vulnerable to fraud and abuse” because
the U.S. Department of Labor has limited means to
check the wages paid to H-1B workers, Hira noted. IEEE-USA
also has said out-of-work U.S. IT workers should get the
first shot at vacant U.S. tech jobs.

And make no mistake; H-1Bs are highly sought after. The
number of applications for H-1Bs for the federal government’s
fiscal year 2006 hit the current cap in August 2005, a
month and a half before the fiscal year even began.

Of course, what the House and Senate agree on and what
President Bush signs into law could be quite different from
what’s currently being talked about. Detractors of the bill
say the fact that it is included in a highly charged bill that
seems unlikely to pass in its current form means it’s possible
the H-1B increase could never see the light of day.
Proponents, however, are many and their lobbying power
cannot be underestimated.

Our guess is H-1B numbers will rise. Not because of any
grand open-door, we-need-the-help entreaties but simply
because it will get lost in the larger immigration bill.

— Michael Cooney
News editor
mcooney@nww.com


Too  much  to  ask 

Regarding Mark Gibbs’ BackSpin column on the
need for cell phone vendors to focus on usability
rather than features (www.nwdocfinder.com/3723):
To answer Gibbs’ question, yes, in a world where first
to market and lowest cost are paramount, wanting
“stuff that works” is too much to ask. To really design
things well takes both time and money. Even simple
things don’t get designed right. How many doors
have you tried to go through by pushing on the
hinged side because the correct side to push wasn’t
evident? Also, an “antisalesperson” is much less expensive
to employ than someone who really knows
both the product and how to sell. It takes time to find
good salespeople and acquaint them with the products.
The problem is that the way the accounting is
done, the opportunity cost isn’t visible. The fixed cost
for the antisalespeople is low, but the lost sales volume
is invisible. The development cost for a poorly
designed and tested product is low, but again, the
lost sales volume for a good product is never known.

Robert  Spooner 
Associate  research  engineer 
Applied  Research  Laboratory 
Pennsylvania  State  University 
State  College,  Pa. 

Mark Gibbs’ comments regarding the problems
with cell phone design and reliability will resonate
with most owners of these sophisticated multifunctional
devices. Unfortunately he is crying in the
wilderness. His bully pulpit is just too small to have
much of an effect on these giants. Gibbs can increase
his clout by recommending some sort of
action that readers could take that would send a
message to the manufacturers. In the case of the cell
phone guys, I have taken to returning the dysfunctional
equipment as often as I can. It usually turns
out that the replacement has the same problems as
the original, but I derive a certain amount of satisfaction
from returning defective products. And if all
of us started doing it ....

Tom  Graly 
Pomona,  Calif. 

I’m shocked that Mark Gibbs would complain
about the new techniques behind technological
sales. There’s the “replacement parts that cost more
than the original product” technique and then
there’s the “pile on enough whiz-bang wonderfuls
to hide the piece of junk we’re selling” technique.

For years, Microsoft has added more unnecessary
high-tech trinkets to an insecure and unstable operating
system, but still doesn’t address the basic issues
affecting its products. It made the whole
cover-it-up-with-doodads technique successful.

No one would buy a new car that couldn’t make it
out of the driveway just because it had the latest and
greatest media toys. It would still need to function
dependably as a car. No one would buy a high-definition
television if the new technology caused it to
be constantly shutting itself down because it had
been on too long or was susceptible to all types of
interference.

If  that  were  the  case,  most  people  would  prefer  a 
basic  TV  that  was  stable  and  worked  consistently 
over  the  latest  and  greatest.  As  long  as  people  are 
ready  to  buy  the  latest  technology  before  it  actually 
works  as  it  should,  they  should  stop  whining  when 
—  surprise  —  it  doesn’t  work. 

Gerald Banning
Senior programmer/analyst
American Printing House for the Blind
Louisville, Ky.

E-mail letters to jdix@nww.com or send them to John Dix, editor in
chief, Network World, 118 Turnpike Road, Southborough, MA 01772.
Please include phone number and address for verification.

USER VIEW
Chuck  Yoke 


Here  we  go  again ...  sort  of 


What do this summer’s clothing fashions and
the current trend in network computing
have in common? Both are examples of
Peter Allen’s song, “Everything Old is New Again.”
The song — written for the 1979 musical “All That
Jazz” — advises us to “not throw the past away, you
may need it again some rainy day.”

During a recent shopping trip with my daughter,
I saw racks upon racks of 1960s-era clothes.
Bell-bottom jeans, peasant blouses, paisley shirts, wide
leather belts, even a double-breasted Nehru jacket
lined up to empty my wallet so that my eighth-grade
daughter could wear the clothes I wore in
eighth grade almost 40 years ago.

But even though they were old, they were still
“new.” The fashion designers had cleverly made
subtle but noticeable changes that would have
rendered my original ’60s attire obsolete. So even
if I still had my bell-bottoms, they would not be
the right ones for my ’06 fashion-conscious
daughter.

In network computing as well, everything old is
new again. Grid computing touts many benefits
that sound very familiar to those of us who
worked with 1980s mainframe computing. The
grid concepts of virtualization, job scheduling
and resource allocation may be new to those
who entered IT in the age of distributed computing,
but not to those who cut their teeth on mainframe
operating systems such as IBM MVS or VAX
VMS. Granted, some of the specifics of the implementation
are different, but the overall concept is
nothing new.

Even the physical component of grid computing
— multiple computers connected by software
to form a computing grid that shares disparate resources
— is familiar to those of us who created
VAX clusters in the 1980s and 1990s. Again, the
specific implementation may be different, but the
idea is really not new. Yes, just as my 1960s wardrobe
has enough differences to render it out of
style with the new retro-fashions, so too there are
enough differences in grid computing to render
the mainframe obsolete. But when all is said and
done, the concept is not new. Bell-bottoms are
bell-bottoms, and virtualization is virtualization.

A benefit to all of this may be in the IT workforce.
During the late ’90s, older IT workers were often
viewed with some disdain because of their process
mentality. Younger workers were viewed as
being more energetic, flexible and forward-looking.
Then the economy shifted, and IT was no
longer the treasure chest of high salaries, so
younger workers moved on. Process-focused initiatives
such as the Sarbanes-Oxley Act, IT Infrastructure
Library and Control Objectives for Information
and Related Technology have made IT undesirable
to those who want more flexibility and
freedom. Labor projections show there may be a
shortage of new IT workers in the next five years.

Which means that the large number of graying,
process-oriented, ex-mainframe workers who
were once viewed with disdain may find they are
now more valuable than they ever imagined. Yes,
everything old is new again.

Yoke  is  director  of  strategy  and  architecture  for  a 
global  travel  and  real  estate  corporation.  He  can  be 
reached  at  ckyoke@yahoo.com. 


ABOVE  THE  CLOUD 


James  Kobielus 


Master data management is key to compliance


Companies cook the books at their own
peril. That’s the principal lesson we’ve
learned from Enron and other corporate
scandals these past few years. Even when thievery’s
not the issue, the messier your official system
of records is, the more likely you are to incur
the wrath of regulators, litigators and the financial
community in general.

Compliance is the art of making sure that your
organization’s data-management practices pass
muster with authorities and stakeholders. Where
compliance is concerned, data quality, integrity
and security are everything. If you can’t produce
operational data of sufficient completeness,
validity, accuracy and granularity, you won’t be
able to prove you’ve complied with the next regulatory
mandate. And your corporate brass might
not be able to prove their innocence.

Master data management (MDM) is the key to
corporate compliance. MDM refers to the infrastructure,
tools and best practices for governance
of official corporate records that may be scattered
across diverse databases and other repositories.
MDM helps you assure that data has been
generated, vetted, processed, protected and transmitted
according to a consistent set of policies
and controls.

MDM has become the grand unification field
for all data-management technologies. Increasingly,
enterprise IT groups are laying out MDM
strategies that encompass relational databases,
data warehouses and profiling; quality tools,
including data mapping and transformation
engines; business intelligence, enterprise information
integration (EII), extract transform load
as well as metadata management, reporting and
auditing. Vendors are scrambling to reposition
their data-management products under this new
umbrella.

Expect to see ongoing consolidation in the MDM
market as vendors assemble more comprehensive
product suites and aim to strengthen their
compliance-value proposition. Dominant data-management
vendors will continue to beef up their
data quality and metadata management offerings.

For example, IBM fields one of the strongest
MDM suites on the market. It has made several
data-management acquisitions in recent years —
most notably EII pioneer Ascential — to build up
its MDM portfolio. Recently, IBM acquired
Unicorn Solutions, a leading provider of enterprise
tools that manage metadata. Such management
is critical to compliance, which requires
organizations to understand where data originates,
how that data maps to other data, and how,
when and by whom it was modified.

Also, Business Objects, a business intelligence
market leader, recently rolled out several new
and enhanced products under its banner of
enterprise information management. Although it
doesn’t explicitly use the term MDM, Business
Objects now fields a comprehensive MDM suite.
With the latest product announcements, it has
added to its portfolio critical EII, metadata management,
data cleansing, data lineage assessment,
data-modification impact analysis and data
visualization features. Also, it recently acquired
Firstlogic, a leading vendor of data-quality tools,
stressing the importance of cleansed, consistent,
accurate data to the compliance equation.

Other business intelligence vendors — such as
Cognos, SAS, Informatica and Hyperion — have
similar directions. Data reporting, query and visualization
tools from these vendors provide critical
links in the compliance chain. One can’t
understate the importance of business intelligence
in the MDM value proposition. Ultimately,
proving your company’s compliance with regulations
depends on persuading human beings that
operational data is clean, consistent and accurate
and presenting that data in a clear, compelling
format.

However, MDM is no magic bullet. And it’s not
yet a well-defined set of infrastructure components,
tools or standards. It’s equivalent to service-oriented
architecture or enterprise service bus in
the sense that it defines an ideal high-level architecture
that can be complex, costly and difficult
to implement and administer.

MDM is a growing body of best practices for
managing distributed data resources as a unified
corporate asset. Without MDM, companies can’t
prove that scattered corporate records constitute
a “single source of truth.” Without an unimpeachable
official system of records, your lawyers will
have to work twice as hard to prove your organization
is complying with the letter of the law.

Kobielus is a principal analyst at Current
Analysis in Alexandria, Va. He can be reached at
jkobielus@currentanalysis.com. The opinions expressed
are his own.

Two-factor Authentication


It’s not who you know; it’s what you
know plus what you’ve got.


BY  JEFF  VANCE 


Increased online fraud
and new industry regulations are driving companies
to search for stronger authentication
methods. The problem is there’s little agreement
on the best authentication method or what constitutes
multifactor authentication.

However,  a  set  of  best  practices  is  slowly  emerging  that 
will  help  you  develop  a  strong  authentication  program. 

The  first  step  is  a  basic  one.  Before  jumping  ahead  to 
buying  hardware  tokens  and  face-recognition  scanners, 
you  need  to  thoroughly  understand  your  risks. 

“When it comes to authentication, there is no one-size-fits-all
solution,” says Sally Hudson, an analyst at IDC. “Much
depends on the level of security needed by the end user.”

For example, most banks will probably offer different levels
of access. For accounts that are high risk, the bank will
issue tokens or smart cards. For customers who pose lower
risks, the bank will more likely use software-only authentication,
Hudson says.

Security consultant Bruce Schneier agrees that it’s important
to identify the problem before you decide on authentication.
“You have to step back and make sure that there is an
authentication problem that needs to be solved,” he says. “If
there is, then two-factor authentication will make an enormous
amount of difference. If there isn’t, then it won’t.”

There  are  three  key  questions  to  ask  when  setting  up  an 
authentication  system,  according  to  Karen  Devine  of  RSA 
Security: 

1. Who are you? Is this person an employee, a partner or
a customer? Different levels of authentication would be
set up for different types of people.

2. Where are you? For example, an employee who has
already used a badge to access the building is less of a risk
than an employee or partner logging on remotely.
Someone logging on from a known IP address is less of a
risk than someone logging on from Nigeria or Kazakhstan.

3. What do you want? Is this person accessing sensitive or
proprietary information or simply gaining access to
benign data?

When dealing with consumer-facing applications, such
as online banking and e-commerce, strong authentication
must be balanced with convenience. “There’s a trade-off
between increased protection and turning customers
away from your online channel,” cautions Kathie Claypool,
senior vice president of e-commerce for Bank of America.

If  it’s  too  difficult  to  bank  or  shop  online,  users  will  go 
back  to  the  brick-and-mortars. 

Bank  of  America  uses  challenge  questions 

With 14.6 million online clients, Bank of America has the
largest online banking user base in the world, so the more
costly authentication options, such as biometrics or USB
tokens, were prohibitively expensive.

Because phishing and identity theft prey on a user’s willingness
to enter information into fraudulent Web sites as
much as they do on weak authentication, Claypool says it
was important for authentication to be mutual.

Bank of America ultimately chose PassMark Security’s
technology to build its SiteKey authentication around.
When customers use SiteKey for the first time, Bank of
America asks them to select an image they recognize,
write a phrase and select challenge questions.


When consumers go to the Bank of America Web site
and see its image and phrase, they know the site is valid.
Conversely, when the bank sees something unusual about
a user’s logon, such as a request coming from an unknown
IP address, it issues challenge questions. When it receives
the correct answers to those questions, the bank has a
higher degree of certainty about a user’s identity.

In terms of authentication, it’s more two-tiered authentication
rather than two-factor security because it relies on
what you know (your password) plus other things you
know (answers to questions). Even so, it’s much better than
user names and passwords alone. At a cost of about $1 per
user per year, the solution should easily pay for itself with
reduced fraud.
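
The three questions above (who, where, what) and the step-up to challenge questions on an unfamiliar IP address can be expressed as one policy check. The following Python is an added example, not Bank of America's or PassMark's code; the policy rules, level names, networks and sample answers are constructed assumptions.

```python
import hashlib
import hmac
import ipaddress
import os
from dataclasses import dataclass
from enum import IntEnum

PBKDF2_ROUNDS = 100_000  # assumed work factor for this example


class Level(IntEnum):
    PASSWORD = 1   # user name and password only
    CHALLENGE = 2  # password plus challenge questions (two-tiered)
    HARDWARE = 3   # password plus token or smart card (two-factor)


@dataclass(frozen=True)
class LoginRequest:
    role: str        # who: "employee", "partner" or "customer"
    source_ip: str   # where: address the request came from
    badged_in: bool  # where: user already badged into the building
    resource: str    # what: "benign" or "sensitive"


def ip_is_known(source_ip, known_networks):
    """True if source_ip lies inside any network previously seen for this user."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in ipaddress.ip_network(net) for net in known_networks)


def required_level(req, known_networks):
    """Map who / where / what to the minimum authentication level (assumed policy)."""
    known = ip_is_known(req.source_ip, known_networks)
    level = Level.PASSWORD
    if not known:
        # Unusual logon: step up to challenge questions.
        level = max(level, Level.CHALLENGE)
    if req.resource == "sensitive":
        # Only a badged-in employee on a known network avoids the hardware factor.
        on_site = req.role == "employee" and req.badged_in and known
        level = max(level, Level.CHALLENGE if on_site else Level.HARDWARE)
    return level


def decide(req, known_networks, proven):
    """Return 'allow', or which step-up the session still has to pass."""
    needed = required_level(req, known_networks)
    return "allow" if proven >= needed else "step-up:" + needed.name.lower()


def normalize_answer(answer):
    """Case-fold and collapse whitespace so 'Main  STREET' matches 'main street'."""
    return " ".join(answer.casefold().split())


def enroll_answer(answer, salt=None):
    """Store a challenge answer like a password: salted and slow-hashed."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", normalize_answer(answer).encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


def check_answer(answer, salt, digest):
    """Recompute the hash and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", normalize_answer(answer).encode("utf-8"), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)


# Constructed sample data (documentation address ranges, made-up answer).
KNOWN_NETWORKS = ["192.0.2.0/24"]
HOME = LoginRequest("customer", "192.0.2.10", False, "benign")
TRAVEL = LoginRequest("customer", "203.0.113.7", False, "benign")
WARD = LoginRequest("employee", "192.0.2.44", True, "sensitive")
REMOTE = LoginRequest("partner", "203.0.113.7", False, "sensitive")

if __name__ == "__main__":
    for name, req in [("home", HOME), ("travel", TRAVEL),
                      ("ward", WARD), ("remote", REMOTE)]:
        print(name, required_level(req, KNOWN_NETWORKS).name,
              decide(req, KNOWN_NETWORKS, Level.PASSWORD))
    salt, digest = enroll_answer("Main Street")
    print(check_answer("  main   STREET ", salt, digest))
```

The CHALLENGE level still rests only on things the user knows, which is why it sits below HARDWARE in this ordering.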

Bayshore  Health  invests  in  RFID  tags 

Bayshore Community Health Services represents the
opposite end of the spectrum. The Holmdel, N.J., healthcare
company has a much smaller user base and believes
that the higher level of security offered by a hardware-based
solution is worth the extra cost. Because its users are
internal, the company doesn’t have the problems of scale,
portability and ease of use that Bank of America does.

Bayshore selected iTag technology from Encentuate to
boost authentication. Each iTag contains an RFID chip
and is affixed to devices that physicians, nurses and other
healthcare personnel already carry, such as ID badges or
pagers. Combined with back-end authentication management,
the solution provides automatic sign-off capabilities,
universal sign-on to key workflows, and auditing
and reporting capabilities.

The cost is higher than with a software-only approach
(about $150 per user, per year), but represents a full
Identity and Access Management solution, rather than
simply authentication. Bayshore also wanted a tighter,
more controlled form of authentication that would help
it meet compliance mandates and cope with shared
workstations and other healthcare equipment.

E*Trade  offers  password  tokens 

E*Trade Financial in Merrifield, Va., falls somewhere
between Bayshore and Bank of America. An online business,
it is a prime target for phishing attacks and fraud,
yet the company doesn’t have as large a user base as
Bank of America. Because E*Trade is an online business,
its users also tend to have a degree of comfort with
technology.

“When we considered various authentication solutions,
we had two concerns,” says Greg Framke, CIO of
E*Trade Financial. “First, it had to be able to scale for our
business, and second, it needed to be quick. Online consumers
demand almost instantaneous access to their
accounts.”

In 2005, E*Trade began offering RSA’s SecurID one-time
password tokens to its customers. Sign-up is voluntary,
with tokens offered for free to customers who execute a
high number of transactions each month or who have significant
assets invested in E*Trade accounts. Other customers
can sign up for a one-time $25 fee.

“We  employ  other  techniques,  such  as  monitoring  and 
understanding  transactions,”  Framke  says.  “However, 
authentication  is  the  front  door,  so  you  want  it  to  be  as 
iron-clad  as  possible.” 

Notaries  put  stamp  on  digital  certificates 

The National Notary Association (NNA) found that moving
certain processes online actually reduced risk.
“Something we needed was better revocation,” says
Richard Hansberger, director of eNotarization for the NNA
in Chatsworth, Calif.

In  the  paper  world,  when  a  notary’s  license  was  revoked, 
there  was  no  way  to  know  whether  the  stamp  had  been 
destroyed.  Similarly,  a  quick  search  on  eBay  shows  that 
anyone  with  a  PayPal  account  can  buy  a  notary  stamp. 

The NNA began using GeoTrust’s digital certificates for
authentication and revocation purposes. The digital certificates
serve as electronic notary seals, and they provide
an automated way to manage revocation.

Just because a person has a token or a smart card doesn’t
mean that you can be certain of his identity, however.
“We’ve seen interest in using notaries to distribute two-factor
authentication devices for other organizations,” Hansberger
says. Thus, notaries need airtight authentication for
themselves. If their credentials are stolen, it could put a lot
more at risk than their own accounts.

Lark Allen, a member of the Liberty Alliance’s strong
authentication expert group, says this is one of the problems
encountered with some of the universal authentication
ideas floating around. One concept, for instance, is to
turn driver’s licenses into smart cards, providing a standardized
method for authentication.

The problem is that the various state departments of
motor vehicles aren’t in the business of verifying identity.
Their job is to license drivers. They have a few rudimentary
steps in place to check identity, such as requiring that
applicants show a Social Security card and a utility bill
to prove their identity, but those are easy to fake.

“If you don’t have a certified, trusted
provisioning process in place for issuing
authentication credentials, then
you can’t trust that the token or smart
card is what it claims to be,” Allen says.

Flaws and scofflaws

Finally, risks vary from industry to
industry because of regulations. In the
financial sector, the Federal Financial
Institutions Examination Council has
issued guidance about authentication
and expects banks to comply by 2007.

However, no one knows exactly what
the cost of noncompliance will be.

The Health Insurance Portability and
Accountability Act (HIPAA) mandates
that organizations protect sensitive
patient information. However, according
to Barry Runyon, an analyst with
Gartner, the fines associated with
HIPAA noncompliance are so low that
many people just ignore them.

“For a security breach, the fine is
$250 per incident with a $25,000 annual cap,” Runyon says.
He estimates that only 40% to 50% of hospitals are compliant.
Many of the others have decided that it would cost
more than the $25,000 maximum penalty to meet the
requirements.

Runyon adds, “The real cost, of course, is having the story
about your security breach showing up on the front page
of the newspaper.”

A  regulation  such  as  California’s  SB  1386,  which  requires 
the  public  disclosure  of  security  breaches  exposing  the 


confidential  information  of  California  residents,  has  more 
teeth  than  HIPAA,  which  slaps  organizations  on  the  wrist 
with  small  fines. 

Where risks are high and the user base is small, most analysts recommend hardware-based authentication. This could be anything from smart cards to USB tokens to biometrics. The costs are high, but the security is considered to be more robust than with software-only and knowledge-based authentication.

These solutions aren’t as easy to provision and manage, so they’re probably not suitable for large user bases. Gartner’s Runyon doesn’t see the widespread adoption of biometrics or USB tokens until the cost comes down and they are easier to track. “It’s hard enough for an organization to keep track of PCs and laptops, can you imagine trying to track USB tokens?”

Another problem is that as physical solutions become more common, users are forced to wear “token necklaces,” with tokens for everything from banking to accessing the workplace. Until there is more standardization, hardware-based authentication will likely be confined to high-risk, few-user situations.

Schneier argues that the decision process should favor practical factors other than pure security. “Honestly, two-factor authentication is so much better than password-only that it really doesn’t matter which you choose. Choose the one that is cheaper, more user friendly and easier to deploy,” he says.

Comparing schemas for authentication is not always an apples-to-apples situation. Some offer mutual authentication; some don’t. Some have components that take account origination and provisioning into account; some don’t. And many of the cost quotes are nearly meaningless, because they only factor in the initial purchase price of a user’s authenticating device, leaving out server-side software, ongoing management, support and maintenance. The factors are tough to pin down, but without these figures it’s difficult to tally the total cost of ownership.

Vance is a freelance writer in New Mexico. He can be reached at jeff@sandstormmedia.net.


Eight steps to better authentication

• Measure risk.
• Assess user base.
• Choose solution that matches user base and risks.
• Build business practices around authentication.
• Conduct pilot test and phased rollout.
• Tie in with other layers of security.
• Monitor, measure, audit and review.
• Roll out additional tiers of authentication or security layers as users and risks change.


Sizing  up  authentication  schemas 

When  selecting  an  authentication  method,  determine  which  type  best  suits  your  budget  and  your  risk  levels. 


Method                             Cost/user  Security   Usability  Portability  Manageability  Scalability
Smart card calculators             $8-$15     Good       Average    Good         Poor           Average
Bingo card transaction sheets      $2-$10     Good       Good       Good         Average        Good
Client certificates                $3-$15     Excellent  Good       Average      Good           Good
Shared secrets/challenge-response  $.50-$1    Average    Excellent  Good         Good           Excellent
One-time password tokens           $10-$40    Good       Average    Good         Poor           Poor
Out of band authentication         $5-$15     Good       Average    Good         Excellent      Good
Beta-testing buggy products can give your company a competitive edge.

BY  MARY  BRANDEL 

In  15  years  at  Case  Western  Reserve 
University  in  Cleveland,  systems 
engineer  Jim  Nauer  has  been 
involved  in  six  major  beta  tests.  In 
each  case,  Nauer  was  motivated  by  the 
failure  of  existing  technology  to  meet 
Case’s  technology  or  business  needs. 

For  example,  in  the  mid-1990s,  the  university  beta-tested  a 
native  version  of  Novell  NetWare  that  ran  on  Apple’s  PowerPC 
platform.  Nauer  was  excited  about  the  product’s  potential. 

“It meant guaranteed hardware compatibility and plug-and-play device drivers, and in those days, there was quite a bit of voodoo involved in getting Ethernet and SCSI cards configured correctly,” he says. “You didn’t just pull [the network operating system] out of the box and click through a wizard to install it.”

The beta product worked beautifully, he says. Unfortunately, Apple decided not to develop it commercially. “It would have been really neat if they’d finished debugging it and it solved some of our issues,” he says. “But it didn’t come to pass.”

As Nauer has found — during the Apple beta and his other more successful tests — there are numerous benefits to being a beta tester. The most important is the ability to get your hands on cutting-edge technology to gain a competitive advantage.

However, be prepared to deal with the frustrations, the resource demands and the possible disappointments that accompany the experience. Not only does beta testing stretch the resources of IT staff members, but it also can try their patience, as they are, after all, working with buggy products. Vendor approaches to beta-testing can range from very organized to haphazard, and your own testing and bug-reporting process has to be rigorous.

As Nauer found with the Apple beta, there’s no guarantee the product will ever hit the market. Still, Nauer says Case Western came out a winner. “It enabled us to get our hands on NetWare 4.1 code before we had the PC native version,” he says. “We got knowledge and experience we were able to apply elsewhere.” In fact, other beta testers report that even when things go wrong, they still feel the pros outweigh the cons. Reasons include early access to new technology that can solve long-standing problems, the opportunity to influence product development and a direct line to code engineers.

“You’re doing it because you have a vision: you want to beat the guy down the street and improve your revenues quarter over quarter,” says Louis Barton, executive vice president at Cullen/Frost Bankers in San Antonio.

Secrets  to  successful  beta-testing 

The secrets? Don’t expect beta-testing to be a free ride, and be prepared to jump into it with both feet, says Mark Moroses, senior director of technical services at Maimonides Medical Center in New York.

Moroses has been involved with several beta tests, and while he says his team is very accomplished at the process, it’s not something he’d turn into a hobby. “We only go down the [beta test] road if we believe the technology is superior,” he says. “If it’s a tie, we prefer to work with an established platform with less bugs and support issues.”

Moroses  counts  just  one  time  that  a  beta 
test  came  close  to  being  a  failure.  He  was 
asked  to  test  a  thin-client  version  of  a 
product  he  was  already  using  in-house. 
Unfortunately,  the  beta  version  wasn’t 
ready  for  prime  time. 

“As  our  debugging  process  went  on,  it 
became  apparent  that  their  approach 
needed  to  be  completely  redone,”  he  says. 
His  team  pulled  the  plug  on  the  beta 
effort  and  submitted  feedback  to  the  ven¬ 
dor.  But  Moroses  still  contends  the  experi¬ 
ence  wasn’t  a  waste  of  time  because  it 
gave  the  team  deeper  insight  into  the 
technology’s  capabilities. 

To survive a beta test without the negatives outweighing the positives, Moroses says, your IT organization has to start with several characteristics, including a strong problem-solving and partnership mentality. In fact, his group is often approached by vendors to do beta tests because of those traits, he says.

“They’re looking for certain types of folks,” he says. “Our engineers and people in the IT department don’t say, ‘I have to call the vendor’ when something doesn’t work — we spend time finding the core of the problem.”

But if you don’t manage that effort, you can drown in it, Moroses says. “You have to stay cognizant of where your entire portfolio of projects and upgrades is and what people’s workloads are,” he says. One management tip that he offers is to conduct just one beta test at a time. “If we’re at the end of one, we might start up another, but we wouldn’t do three or four at a time,” he says.

It’s also important to establish upfront what you expect to gain. For instance, Moroses insists on getting the names of the software developers he’ll be working with, not just a support phone number. He demands 24-hour turnaround time on issues that arise when the tested product goes into production, as well as senior support personnel on-site.

“You have to be careful whom you partner with,” he says. “Not all vendors will voluntarily suggest bypassing the normal support center.”

Moroses also negotiates a price break on the product or better software maintenance terms. “We tie it to an economic benefit,” he says. “We end up making the product better anyway so we might as well get a financial reward for it.”

Beta-testing  can  be  a  drain 

The resource demands of beta testing made Barton think twice before agreeing to test the Cognos 8 business-intelligence system. “It was a balance between the commitment of resources we’d have to apply and what we’d get back,” he says. “If you’re going to do it right, you have to really do it and put your best people on the project.”

Barton is not alone. “Resource constraints are the No. 1 challenge for our customers,” says Faiyaz Shahpurwala, vice president of the data-center practices group at Cisco, who says tests can average out to be a three- to four-month effort. “There are times when we’re not able to complete a test plan on time, and we have to keep pushing on our side.”

However, because Barton’s $10 billion financial services conglomerate was making full use of other Cognos products, and he planned to eventually move to the new business-intelligence system, he decided beta testing would be a good way to prepare for the implementation.

Barton says Cognos was an “extremely organized and thorough” partner in the beta test, which is not always the case. “It wasn’t, ‘Here’s some software you can install so we can get some feedback,’” he says. “There was a plan, a structure, a schedule, names of people to support us, good communication and objectives, which was a new experience for us.”

Preparing for the beta test required several phone conferences, Web conferences and e-mail communications, after which a few Cognos engineers came on-site at Frost for three weeks. The entire project lasted three months and required the full-time effort of two to three IT staff, plus some support staff and business users.

But no matter how organized Cognos was, Barton says the effort would not have been successful if his own team didn’t have a structured approach to testing, complete with test-control forms that recorded the objective and expectations of each test and documented what happened during testing. “When you get an error, you have to make sure you can document it and communicate about it thoroughly enough to the vendor so they can fix it,” he says.

While Barton says the beta test prepared his team to implement Cognos 8, there were some downsides to the experience. “Software always has bugs, but beta software will have more bugs,” he says. The time involved in reporting on those bugs, waiting for a fix and then testing it again can be a source of frustration. “It’s a drain on resources, especially when everyone already has a full-time schedule and full workloads,” he says.

The testing period is intense. “Testing is an art,” he says. “Many conversions fail because of insufficient testing or the wrong types of tests, which takes planning and discipline and procedures and documentation.”

But  the  benefits  outweigh  the  risks 

If you plan right, Barton says, the downsides are offset by the rewards, one of which is a head start into new technology, which can mean a competitive advantage. “The hands-on personal training reduces the learning curve for support staff, business users and everyone else involved,” he says. “It’s hard to quantify but they’re real when you start using the product.”

John Denardo, CTO for Eagle County, Colo., agrees. As an early adopter of storage technology from LeftHand Networks, Denardo has beta-tested new products and configurations for the vendor. “I’d be sending my guys out to train otherwise anyway and this way we get more detail,” he says. “Having access to the engineers working on the code is important.”

Nauer says beta tests give the university a big leg up in terms of its deployment plans. For instance, it has been able to make an early move into storage virtualization by beta-testing Cisco’s MDS Series switch in 2002. The university already had a small storage-area network, but it wanted to migrate to iSCSI technology, which MDS enables. “Cisco brought to the table things we didn’t even know existed,” Nauer says, such as intelligent applications at the switch level. “We don’t need it today, but it’s absolutely strategic for us to move in that direction.”

Beta tests can give companies a chance to influence product development. “You’re providing feedback that will help them make money so they’ll listen and respect your input vs. if you went blindly through your sales rep,” Barton says. This depends, of course, on the tester’s ability to truly enter into a partnership with the vendor.


Advice for beta testers

• Don’t underestimate the time commitment

Beta tests are not something to enter into lightly. You may need to put lower-priority projects on hold or delay other projects by a few days or even weeks. "It's a strain because you still have to get the other work out, so you're working lunches and overtimes," Barton says. So if a beta test is low-reward or other high-visibility projects are going on or you don't have a test environment prepared, he says, don't do it.

• Negotiate everything you can get upfront

If you want the names of support people or other terms of agreement, make sure you do it upfront and in writing. "You can't just pretend your previous agreements don’t exist anymore," Barton says. "It has to be done legally and in an organized manner." And while financial incentives can be issued, be sure you get a commitment before you go into testing, when you still have leverage, he says.

• Apply yourself

When you're applying to be a beta tester, fill out the form completely, says Michael Fine, director of client services for CenterCode. "We get forms where they don't give data on what equipment they have to test with," he says. "And people who can't spell are less inclined to be chosen." Abide by the confidentiality rules, he says, and don't expect a miracle. "Don't set overly high expectations on the product before you get it," he says. "This is beta; it's being tested. Go in with an open mind."


Getting leading technology on-site is also a boon for recruitment and retention efforts. “If your tech guys can put on their resume that they’ve worked with cutting-edge technology, they’re less likely to seek other employment,” Moroses says.

Don’t forget the financial incentives. A couple of years ago, Michael Fine, director of client services for CenterCode, helped beta-test a high-end security product, which ended up providing the user with $20,000 worth of product advice for free.

But while lower software costs can be a benefit, experienced users warn that it can’t be a driving factor. “You can’t go into beta testing because it’s a good way to get some freebies — that’s the wrong motivation,” Nauer says. “If you do, one or both sides won’t be happy.”

It’s better to approach it as a business engagement. “If you treat a beta like it’s outside of your core mission, you’ll be disappointed. But if you treat it like any other business project, you’ll get a good result,” Barton says.

Brandel is a freelance writer in Newton, Mass. She can be reached at marybrandel@verizon.net.


“If you treat a beta like it's outside your core mission, you'll be disappointed. But if you treat it like any other business project you'll get a good result.”

Jim Nauer, systems engineer, Case Western Reserve University
CLEAR CHOICE TEST

GigaStor probe analyzes WAN traffic with ease

BY BARRY NANCE, NETWORK WORLD LAB ALLIANCE

Diagnosing network problems without analyzing or even inspecting the traffic related to the problem is always an exercise in speculation and guesswork. The same goes for planning — how can you recommend network changes to accommodate growth without understanding the current traffic?


NetResults: 4.3

Network traffic analyzer: GigaStor
Network Instruments
www.networkinstruments.com

$35,000 for 4TB appliance, two links or four ports; other versions include a 2TB version for $20,000 (one link or two ports) and an 8TB version for $50,000 (monitor two links or four ports).

Pros: Captures and analyzes dense traffic without skipping a beat; frugal bandwidth use.

Cons: Pricey; works only with the Observer protocol analysis tool.


Long-distance WAN links complicate the picture. Troubleshooting or planning network segments thousands of miles away isn’t easy without some level of direct analysis of the traffic. Even worse, dealing with intermittent problem reports (someone screaming, “It happened again just five minutes ago!”) is extremely frustrating.

Network Instruments says its GigaStor probe is the answer, because it can capture gigabytes of network traffic, analyze them and forward the analysis to a central console (its Observer protocol analysis and network-monitoring software). We recently tested the 4TB version of the GigaStor appliance (Network Instruments also makes 2TB and 8TB versions).

The  appliance  passed  our  tests  with  flying  colors.  Its 
high  price  may  preclude  some  from  installing  probes  in 
every  nook  and  cranny  of  the  network,  but  the  unit’s  pro¬ 
cessing  power  and  capacity  can  offset  the  price  by  letting 
you  place  probes  at  strategic  network  intersections,  even 
if  their  network  connection  is  extremely  busy.  The 
GigaStor  stored  high  traffic  volumes  without  missing  a 
beat,  was  frugal  with  bandwidth,  and  the  Observer  con¬ 
sole  made  understanding  and  solving  even  difficult  net¬ 
work  problems  quick  and  easy. 

Probing  intelligence 

The 4U rack-mounted GigaStor includes a 64-bit processor, a high-performance disk subsystem and the Network Instruments-named Gen2 Gigabit Capture Card to intercept and store on its hard disk every packet, no matter how busy the network. Operating at wire speeds, the high-performance GigaStor effortlessly and accurately captured dense traffic flowing at T-1, T-3, OC-1 and even OC-3 speeds (see How we did it at www.nwdocfinder.com/3722). The 4TB unit we tested easily stored a 72-hour history of heavy OC-3 (155Mbps) traffic. This means a remote user could have a problem on a Monday, take Tuesday off, report the problem on Wednesday and you could still diagnose it — all without having to travel to the user’s office.


TIPJAR: Network probes do’s and don’ts

Do take the time to set up a full range of thresholds and alerts in Observer (or other analyzer), especially for more important applications and network assets.

Do use a protocol analyzer to detect policy violations of corporate network use (e.g., music downloads).

Don’t use them just when problems occur. Use them on a regular basis to stay familiar with your typical network activity (baselining).


The GigaStor analyzed the stored traffic and produced typical protocol analyzer statistics, including top talkers, packets per second, packet size distribution and bytes per packet. The unit also sported a sophisticated network-monitoring ability. For example, once we set thresholds for alert situations, such as a specific server emitting no packets (a nonresponsive server), the GigaStor thereafter promptly notified us of errors and warnings via the Observer console, SNMP trap, pager or e-mail.

If viewing statistics doesn’t solve the problem, the GigaStor lets you drill deeper. The appliance decodes more than 550 diverse protocols and can display the contents of packets for an address, a protocol stream or a time period. We were especially impressed by the unit’s application analysis statistics, which revealed response times as well as total transactions and failed transactions for such applications as SQL Server, Oracle, Exchange, VoIP and DNS/DHCP. Equally impressive is GigaStor’s nanosecond resolution.

When communicating with the Observer console, the GigaStor was especially frugal in its bandwidth use. The probe compressed and encrypted statistics and actual packets sent to the console for display. In our tests, we measured an increase in use of less than 3% when we told the GigaStor to send the console all packets sent or received by a particular client for a specified five-minute period during the previous day. We estimate the device’s compression reduced the GigaStor-to-Observer transmission to a tenth of what it would have been.

Moreover, the console and appliance use a private protocol that carries only changed (updated) display data. For example, if you are viewing a Top Talkers window that shows 300 network nodes, and the displayed data changes for only 38 of the nodes during an update cycle (configurable), the GigaStor sends only the changes in display data (IP address, byte counts and packet counts) for the 38 nodes.

Network Instruments offers nTAP connectors for using the GigaStor on 10/100Mbps copper, 10/100/1000 copper and 10/100/1000 fiber networks. These connectors let us link the GigaStor directly to our network without using the span (mirror) port of the switches on each of our subnets.


The Breakdown

Category                     Weight  Score
Performance                  30%     5
Protocol support             20%     5
Ease of use                  20%     3
Reports                      20%     4
Documentation/installation   10%     4
Total score                          4.3

Scoring Key: 5: Exceptional. 4: Very good. 3: Average. 2: Below average. 1: Subpar or not available.

The 4U rack-mounted GigaStor has a 64-bit processor, high-performance disk subsystem and a Gigabit capture card.


Ease  of  use 

Although  the  appliance  includes  monitor  and  key¬ 
board  ports  for  local  access,  the  primary  interface  is  the 
highly  capable  Observer  proto¬ 
col  analysis  tool.  Because  work¬ 
ing  with  a  remote  probe  is  simi¬ 
lar  to  using  Observer  to  diag¬ 
nose  a  local  problem,  solving 
remote  problems  becomes  sim¬ 
ple  and  painless.  Moreover,  the 
Observer  analysis  tool  and  the 
GigaStor  are  so  closely  integrat¬ 
ed,  that  just  using  a  newer  ver¬ 
sion  of  Observer  to  access  a 
GigaStor  probe  automatically  updates  the  GigaStor’s 
internal  analysis  software. 

The GigaStor communicates only with the Observer protocol analysis tool, which is a slight drawback for this network probe. You can’t use, for example, HP’s OpenView network-management product to direct the unit’s operation or view GigaStor analysis results. Fortunately, Observer is intuitive, highly graphical and easy to navigate.

The  appliance  was  easy  to  install,  requiring  only  that  we 
connect  it  to  the  network  and  give  the  unit  an  IP  address. 
The  printed,  nicely  indexed  and  well-written  documenta¬ 
tion  was  clear  and  comprehensive. 

Nance runs Network Testing Labs and is the author of Introduction to Networking, 4th edition and Client/Server LAN Programming. He can be reached at barryn@erols.com.


MANAGEMENT STRATEGIES

■ CAREER DEVELOPMENT ■ PROJECT MANAGEMENT ■ BUSINESS JUSTIFICATION


How to prepare for a CISO position

Security  professionals  must  know  the  business  to  rise  through  the  ranks. 


BY  ROLF  MOULTON 


Chief information security officers and the important work they do increasingly are being recognized in the C suite. Results from the second annual Global Information Security Workforce Study, conducted by global analyst firm IDC and sponsored by the International Information Systems Security Certification Consortium, show information security professionals are moving up in the corporate ranks.


The  study  notes  that  accountability  for 
information  security  has  risen  up  the  man¬ 
agement  hierarchy  and  now  rests  with  the 
board  of  directors  and  CEO,  CISO  or  CSO. 
Nearly  21%  of  study  respondents  said  their 
CEO  is  now  ultimately  responsible  for  infor¬ 
mation  security  (nearly  double  the  12%  of 
respondents  holding  this  opinion  in  2004), 
and  73%  said  this  trend  will  continue. 

Complex  security  solutions,  regulatory 
requirements,  threat-technology  advances 
and  costly  security  breaches  make  it  essen¬ 
tial  that  organizations  be  proactive  in 
guarding  their  digital  assets.  As  a  result,  the 
CISO  position  focuses  on  risk  management 
and  is  becoming  more  integrated  with  busi¬ 
ness  functions.  Security  professionals  must 
hone  their  technical  and  business  skills  to 
prepare  for  this  role. 

Independent  validation  of  competency 
and  experience,  together  with  a  commit¬ 
ment  to  the  information  security  profes¬ 
sion,  are  door-openers  for  those  who  aspire 
to  move  into  the  CISO  position.  Information 
security  practitioners  should  consider  the 
value  of  obtaining  certifications  from  a  pro¬ 
fessional  security  association  to  help  fur¬ 
ther  their  careers.  According  to  the  GISWS, 
90%  of  respondents  involved  in  hiring  view 
certifications  as  somewhat  or  very  impor¬ 
tant  when  they’re  making  hiring  decisions. 
And  more  than  60%  indicated  they  intend 
to  acquire  at  least  one  information  security 
certification  within  the  next  12  months. 

There are two categories of information security certifications: vendor-neutral and vendor-specific. Both are helpful for career development. Vendor-specific credentials (such as from Cisco and Microsoft) are important ways to gain necessary skills. They need to be accompanied by certifications that demonstrate a broad foundation of knowledge and experience. The Certified Information Systems Security Professional (CISSP) and Certified Information Systems Auditor (CISA) certifications are sound choices.

When  developing  your  career  plan,  look 
for  help  from  associations  offering  career¬ 
building  services  and  ongoing  education, 
opportunities  to  demonstrate  subject  mat¬ 
ter  expertise,  avenues  for  peer  networking, 
access  to  industry  research  and  volunteer 
opportunities. 

A  great  resource  for  finding  information 
security-focused  educational  institutions 
and  organizations,  professional  associa¬ 
tions,  conferences  and  trade  shows,  online 
resources,  and  publications  is  the  ISC2’s 
2006  Resource  Guide  for  Today’s  Informa¬ 
tion  Security  Professional,  Global  Edition. 
This  free  guide  is  available  online  (see 
www.nwdocfinder.com/3271). 

Security certification and experience will
do you little good on their own, however. To
rise through the technical ranks and become
a CISO, you also must be able to communicate
in business terms. You can do this
by combining your technical expertise
with expertise at communicating business
value. You should be able to explain the
benefits of security in terms of ROI, its value
in improving the organization’s ability to
conduct business and the practical solutions
it provides to problems — all interwoven
with the organization’s appetite for risk.

While  you  enhance  your  security  and 
business  skills,  you  can  work  within  your 
own  organization  to  prepare  for  a  career 
transition.  Here  are  some  ideas  from  a  panel 
discussion  at  the  2006  RSA  North  America 
conference  about  becoming  a  CISO: 

Learn to collaborate with other departments
to integrate and appreciate other
roles. According to an Auburn University
study, “Managerial Dimensions in Information
Security: A Theoretical Model of Organizational
Effectiveness,” implementing information
security programs requires exceptionally
high levels of “task interdependence”:
Respondents said 62% of their daily
tasks depended on the exchange of information
or cooperation with others.

Take  the  value-added  approach  by  learn¬ 
ing  how  to  align  your  responsibilities  and 
accountability  with  each  department’s 
business  goals.  Look  at  the  big  picture  — 
the  goals  and  focus  of  the  organization. 
Think  in  terms  of  the  overall  business,  and 
know  the  impact  you  have  on  it  and  how 
what  you  do  creates  value  for  the  organiza¬ 
tion.  Communicating  the  value  of  informa¬ 
tion  security  will  help  in  building  a  spirit  of 
cooperation  throughout  the  organization. 

Develop  your  own  circle  of  trust  within 
your  organization  with  representatives  from 
each  department  to  help  promote  mutual 
understanding, appreciation and teamwork.
When more people agree with you,
you gain credibility. Eventually, executives
will  learn  about  your  group  and  recognize 
the  value  in  consulting  you. 

Engage  executives  in  conversation  so 
they  can  get  to  know  you  and  learn  to  trust 
you.  These  conversations  should  be  suc¬ 
cinct  but  meaningful,  using  business  terms, 
not  “geek  speak”  or  acronyms.  Determine 
how  you  can  add  value  to  their  goals,  then 
make  your  case  as  to  why  you  should  be 
consulted  or  included  in  a  meeting. 

Offer  executive  and  user  security-aware¬ 
ness  training  on  security  threats  affecting 
home  offices  and  present  prevention  tech¬ 
niques.  Executives  will  see  the  difference 
you  make  to  their  home  computers  or  net¬ 
works,  and  that  builds  their  trust  in  your 
ability  to  make  recommendations  for  the 
business’  networks. 

Learn to balance opportunity risks. Many
executives perceive security staff as inflexible,
so they don’t want to invite them to
strategy  meetings.  Be  flexible  in  balancing 
security  risks  with  business  processes  that 
help  the  organization  meet  its  goals. 

So,  would  you  like  to  be  a  CISO?  Are  you 
willing  to  step  away  from  some  of  the  tech¬ 
nical  aspects  of  information  security?  If  the 
answer  is  yes,  keep  up-to-date  with  your 
technical  knowledge  and  certifications, 
and  learn  business  language  and  softer 
communication  and  presentation  skills. 
Develop  relationships  with  executives  so 
they  are  aware  of  your  knowledge  and 
skills,  will  begin  to  trust  you  and  will  see 
you  as  a  good  choice  for  a  C-level  position. 

Moulton is a CISSP-ISSMP, president and
interim CEO of ISC2. He can be reached at
rmoulton@isc2.org.


[Chart] Security staffing is growing... Opportunity awaits those looking to enter an information security career path. Worldwide information security professional forecast for Americas region.

[Chart] ...and employers seek certification. Employers assess the importance of information security certifications when hiring security professionals.

Oracle makes nice with security experts

The  company  improves  its  relationship  with  security  researchers  by  communicating  more  openly. 


“What I really want
is a world where there
can be fair and accurate
criticisms. I’m all for
dialogue, but you have
to establish trust.”


Mary  Ann  Davidson,  CSO,  Oracle 


BY  ROBERT  MCMILLAN, 

IDG  NEWS  SERVICE 

Oracle once marketed its database
as “unbreakable,” but security
researcher David Litchfield has a
lesser opinion of the software.
“God forbid that any of our critical
national infrastructure runs
on this product,” he said recently
on the widely read Bugtraq security
mailing list. “Oops it does.”

Security  researchers  such  as 
Litchfield,  managing  director  of 
Next  Generation  Security  Soft¬ 
ware  in  Sutton,  England,  make 
their  living  finding  flaws  in  other 
people’s  software. 

And  while  this  can  put  them  at 
odds  with  software  makers,  the 
relationship  between  Oracle 
and  people  like  Litchfield  has 
been  particularly  bad. 

In  Litchfield’s  case,  the  problems 
go  back  to  2004,  when  he  pub¬ 
lished  details  of  an  unpatched 
Oracle  vulnerability  in  a  presenta¬ 
tion  written  for  the  Black  Hat 
security  conference.  According  to 
Litchfield’s account, Oracle had
given  him  the  go-ahead  to  discuss 
the  vulnerability  but  changed  its 
mind  at  the  last  minute.  Litchfield 
changed  the  topic  of  his  presenta¬ 
tion,  but  he  was  unable  to  remove 
his  slides  from  the  conference 
hand-out. 

Tense  relationship 

The  next  day,  The  Wall  Street 
Journal  wrote  about  the  flaws, 
and,  ever  since,  the  relationship 
between  Oracle  and  the  tight  net¬ 
work  of  security  researchers  who 
hack  its  products  has  been  tense. 

This antagonism has prevented
Oracle from receiving independent
testing and security advice
that could improve its products,
says Cesar Cerrudo, CEO of security
research firm Argeniss.
“Oracle has ignored researchers
and also attacked them, saying
that researchers are the problem,”
he says. “The problem is
Oracle’s flawed software and
Oracle’s amateur handling of
security-related issues.”

From  Oracle’s  perspective,  re¬ 
searchers  such  as  Litchfield 
profit  from  the  publicity  they  get 
for  exposing  Oracle’s  security 
flaws,  but  that  exposure  comes 
at  a  price:  more  risk  for  Oracle’s 
customers. 

There  is  often  little  upside  to 
cooperating  with  companies  that 
do  not  understand  Oracle  and 
profit  from  publishing  security 
vulnerabilities,  according  to 
Oracle  CSO  Mary  Ann  Davidson. 

“What I really want is a world
where there can be fair and
accurate criticisms,” she says. “I’m
all for dialogue, but you have to
establish trust.”

However,  in  the  past  few 
months,  there  have  been  some 
signs  that  things  may  be  chang¬ 
ing  at  Oracle. 

The  company  is  becoming 
better  at  communicating  with 
the  research  community,  says 
Darius  Wiles,  manager  of  Oracle 
Security  Alerts. 

Wiles’ team  is  working  out  a  new 
bug  system  that  will  let  bug  re¬ 
porters  outside  the  company 
know  they  are  not  being  ignored. 
“Once  a  month,  going  forward, 
we’ll  provide  them  with  a  list  of 
everything  that  has  not  yet  been 
fixed  and  indicate  whether  it’s  still 
under  investigation  or  whether  it’s 
been  fixed,”  he  says. 

Taking a cue from Microsoft,
Oracle has launched its own
security blog (http://blogs.oracle.com/security/).

And Oracle no longer talks
about its products as unbreakable.
Recently, Davidson said that
the first time she heard the marketing
slogan, she thought, “What
idiot dreamed this up?”

This outreach is starting to pay
off. Earlier this month, Litchfield
wrote an uncharacteristically
positive Bugtraq posting about
the company.

He said that he believes
Oracle’s products are becoming
more secure and even had some
praise for his longtime nemesis
Davidson. “Another thing that
struck me was the amount of
effort and time that it must have
taken to get a lumbering stegosaurus
of a beast like Oracle to
turn around,” he wrote. “Dare I say
it, well done Mary.”

Still,  the  database  giant  is  un¬ 
willing  to  go  as  far  as  its  competi¬ 
tor  Microsoft  in  embracing  the 
“white  hat”  hackers.  Microsoft  has 
invited  researchers,  including 
Litchfield and Cerrudo, to its
Redmond,  Wash.,  campus  for 
twice-yearly  hacker  conferences, 
called  Blue  Hat. 

Microsoft  says  Blue  Hat  helps  it 
make  its  products  more  secure, 
but  don’t  expect  Oracle  to  invite 
hackers  over  to  its  headquarters 
in Redwood Shores, Calif., anytime
soon. Such an event is really not
necessary, Davidson says. “Microsoft
had to go with the hacker love
fest  model  because  they’re  a  big 
target,”  she  says. 

Davidson  says  Oracle  and 
Microsoft have very different pedigrees
when it comes to security,
noting that security has been built
into  the  development  of  Oracle’s 
products  for  years,  a  byproduct  of 
its  long  history  of  government  use. 
The  CIA  was  one  of  Oracle’s  first 
customers,  she  says. 

Oracle’s  security  team  doesn’t 
simply  fix  bugs.  When  a  new 
flaw  is  discovered,  researchers 
make  sure  that  what  they’ve 
learned  also  translates  into 
secure  coding  practices  for  the 
development  team. 

While Oracle has improved the
security of some products, such
as the Oracle 10g Release 2
database, the company still has
a lot of work to do, Argeniss’
Cerrudo says.

“They  said  recently  that  they 
will  change  the  way  they  com¬ 
municate  with  researchers  giv¬ 
ing  more  feedback  information, 
but  nothing  has  happened  yet,” 
he  says. 

No  widespread  attacks 

For  all  the  Oracle  bugs  that  have 
been  found,  it  has  never  suffered  a 
widespread  attack,  like  the 
Slammer  worm,  which  disabled 
Microsoft  SQL  Server  machines 
worldwide  in  2003. 

But  some  observers  say  Ora¬ 
cle’s  reputation  for  security  has 
more  to  do  with  the  fact  that  the 
database  typically  is  buried  in 
the  bowels  of  data  centers  and 
hidden  behind  corporate  fire¬ 
walls,  far  from  the  prying  eyes  of 
hackers.  And  while  users  who 
have not exposed their databases
to  queries  from  outside  partners 
or  customers  may  not  stay  up  late 
at  night  worrying  about  Oracle’s 
security,  they  do  have  concerns 
about  the  future. 

“We’re  in  a  nervous  state,  but  we 
think  it’s  manageable  risk,”  says 
Hal  Kuff,  a  technology  services 
manager  with  Tessco  Technol¬ 
ogies  in  Hunt  Valley,  Md. 

Users  must  first  be  inside 
Tessco’s  LAN  in  order  to  query 
the  database,  Kuff  says.  “If  we 
were  to  pursue  an  Oracle  envi¬ 
ronment  where  we  invited  direct 
connectivity  from  outside  part¬ 
ners,  we  would  reconsider  our 
security  posture,”  he  says. 

As  these  outside  connections 
become  more  common,  thanks  to 
grid  computing  and  Internet  appli¬ 
cations,  outside  experts  such  as 
Litchfield  could  become  impor¬ 
tant  allies  to  Oracle,  Kuff  says. 

The  pervasiveness  Kuff  talks 
about  may  be  closer  than  many 
people  realize.  Late  last  year, 
Litchfield  conducted  a  survey  of 
nearly  a  half-million  computer 
systems  on  the  Internet  and  found 
nearly  as  many  Oracle  databases 
exposed  as  he  did  Microsoft  SQL 
server  systems. 

Extrapolating from his data,
Litchfield estimated about
140,000 Oracle servers not firewalled
on the Internet. There are
about 210,000 Microsoft SQL
Servers similarly unprotected,
he says. ■
BACKSPIN


Mark  Gibbs 


Network World’s front
page last week featured
a story titled
“Are all rootkits evil?” What
triggered this question was
the court-ordered settlement handed down the week
before that requires Sony BMG Music Entertainment to
compensate consumers who purchased Sony audio CDs
that installed a rootkit when they were played on a PC.
The compensation amounts to $7.50 and a free album
download from Sony’s catalog for each CD purchased.

Let’s  see,  at  15  million  purchases  that  works  out  to  a 
total  fine  of  about  $250  million  ...  not  bad.  Certainly  a  lot 
more  than  a  slap  on  the  wrist,  but  is  it  fair? 

I ask because had some teenager in the likes of
Defiant, Idaho, released similar code on the world with
such reckless abandon, he would be looking at a jail
term and his parents would be looking at bankruptcy.
The culprit and his parents would have been held personally
responsible.

So  why  have  no  Sony  BMG  executives  been  held  per¬ 
sonally  responsible  for  their  reckless,  ignorant  decision 
to  distribute  malware  with  their  CDs? 

Remember Thomas Hesse, the president of global digital
business for Sony BMG Music Entertainment? When
the furor over the Sony rootkit was reaching a head, it
was Hesse who, in an interview on National Public
Radio’s “Morning Edition,” said: “Most people, I think,
don’t even know what a rootkit is, so why should they
care about it?”

Anyway, it probably won’t come as a surprise to find
out that what happened to Hesse, who as top dog in this
area surely should carry the responsibility of major cock-ups,
was nothing. I checked with his office, and he’s still
there and still the president of global digital business.
Amazing.

The Network World story continued: “But the broader
rootkit debate seems far from over.” Various people are
jumping  into  the  fray  with  some  saying  rootkits  are  a 
practical  and  defensible  technique,  while  others  decry 
them  as  the  spawn  of  the  devil  and  the  beginning  of  the 
end  of  civilization  as  we  know  it. 

What I think that many people, including those quoted
in the story, are missing is that rootkits aren’t the issue.

Part  of  the  problem  is  that  rootkit  is  an  inexact  term. 
Generally,  rootkit  means  software  that  is  run  at  the  sys¬ 
tem  level  such  that  it  cannot  be  detected. There  are  all 
sorts  of  processes  running  on  computers  that  are  hard  to 
detect  for  a  variety  of  reasons,  but  not  many  are  consid¬ 
ered  rootkits;  they  are  called  things  such  as  drivers  or 
services  or  libraries. 

What we’re interested in is software with a hidden
agenda. Whether it has a hidden and actionable agenda
depends on three things: the intention of the code,
whether the code creator alerts the user as to the code’s
deployment, and — this is the big one — whether the
operating system can be defended against unauthorized
modifications and audited to detect them should modifications
occur.

Obviously, code intended to do anything the user
would  not  approve  or  not  be  aware  of  is  unacceptable 
whether  or  not  its  creator  actually  tells  the  user. 

The  big  problem,  however,  is  to  what  extent  the  operat¬ 
ing  system  provides  a  defense  against  modifications. 
While  there  are  tools  such  as  Faronics  Deepfreeze  (see 
www.nwdocfinder.com/3746)  that  can  wipe  out  unau¬ 
thorized  system  changes,  this  isn’t  the  same  as  detecting 
intrusions  in  real  time.  And  while  there  are  a  few  prod¬ 
ucts  that  attempt  to  guard  Windows  systems  against 
intrusions,  unless  that  defense  is  done  at  a  system  level 
—  say  like  a  rootkit  —  then  it  is  not  going  to  be  effective. 

So  the  issue  with  rootkits  is  not  rootkits  at  all.  It  is  the 
intentions  of  other  people  and  their  code,  and  whether 
we  can  hold  those  people  personally  responsible.  If  they 
work  for  large  corporations,  apparently  we  can’t. 

Outraged? Tell me on Gibbsblog or write to
backspin@gibbs.com.


NETBUZZ: News, insights and oddities

Have  identity  thieves  stolen  my  judgment? 


Paul  McNamara 


As far as scary identity-theft stories go, the one on the
front page of last Tuesday’s New York Times was sure to
leave many readers cowering under their covers ...
especially those living in Arizona.

According  to  a  survey  cited  in  the  story,  one  in  every  six  Arizona  adults  has  been  the 
victim  of  identity  theft  sometime  in  the  past  five  years.  Local  law  enforcement  blames  a 
booming  methamphetamine  trade  coupled  with  a  credit-card  industry  that  has  lost  its 
collective  mind  and  thinks  nothing  of  scattering  preapproved  plastic  across  the  coun¬ 
tryside  like  confetti. 

“There’s a disconnect between corporate leadership at financial institutions and their
security departments,” says Brad Astrowsky, a former prosecutor quoted in the Times
story. “Marketing people are ruling the day in banking. They can do things to fix the
problem, but they have no incentive and motivation to do it. Preventing something from
happening is a cost. What’s the benefit? It’s hard to quantify.”

Guess  that  depends  on  whether  your  identity  has  been  swiped  or  not.  And  while  I 
personally  question  the  soundness  of  that  alarming  one-in-six  statistic,  it’s  certainly 
fair  to  say  that  identity  theft  continues  to  climb  the  charts  among  those  property 
crimes we have come to most fear.

A  personal  anecdote  in  support  of  that  last  contention:  Recently  I 
was  on  the  horn  with  my  insurance  agent  buying  coverage  for  the  new 
home  we  are  purchasing  (a  process  unpleasant  enough  to  make  me 
wish  someone  would  steal  my  identity  for  at  least  the  duration). 

Generally  speaking,  insurance  agents  who  depend  on  selling  me  extras 
to  make  their  monthly  quotas  will  fare  poorly  at  bonus  time,  as  I  am 
one  of  those  risk-tolerant,  less-is-more  types. 

So when the agent mentioned that I could purchase $15,000 worth of
protection against identity theft for an additional $25 premium, it surprised
me no end to hear the words “Yes, I’ll take that” tumbling from
my mouth. (It was an easy “No, thanks” on the earthquake and flood coverage.)

McNamara’s online archive: www.nwdocfinder.com/1032

■ E-mail highlights life in earlier century.
■ Investors hooked on phonics, researchers say.
■ First Amendment takes a bite out of Apple.

Maybe  I  got  ripped  off  —  that’s  always  my  suspicion  when  buying  insurance —  but  I 
had  experienced  one  too  many  brushes  with  identity  theft  (cancelled  credit  cards,  the 
whole  bit)  and  read  one  too  many  horror  stories  even  before  flipping  open  last 
Tuesday's  Times. 

And  apparently  I  am  not  alone.  Network  World  reader  Ed  Martz  offered  this  account 
in response to a Buzzblog item I wrote on my insurance purchase:

“I  was  offered  a  similar  rider  when  my  homeowner's  policy  was  renewed  last  month, 
and  I  did  exactly  the  same  thing  as  you,”  Martz  writes.  “I  have  tried  to  be  very  careful 
with  my  identity,  but  I  do  know  that  given  how  often  security  seems  to  be  compromised 
lately,  chances  are  good  that  the  crooks  can  get  their  hands  on  it  anyway.  I  know  that 
most  fraudulent  credit  card  purchases  would  likely  not  be  charged  to  me  in  the  event, 
but  I’ve  seen  the  stories  of  folks  who  have  had  to  make  good. 

“It seems to me that the real loss to an individual in an identity theft is the damage to
one’s  financial  reputation  (i.e.  credit  score),  and  I’m  not  sure  if  that  can  be  repaired 
with  this  insurance,”  he  continues.  “Still,  $25  seems  cheap  enough  for  at  least  some 
peace  of  mind.  I  have  no  idea  if  it’ll  be  worth  it,  and  truthfully,  I  really  don’t  ever  want  to 
find  out.” 

He's got that right. If someone swipes your car or TV set, that sucks,
but  identity  theft  is  different  in  that  it  is  a  crime  that  keeps  on  giving. 
As  I  understand  the  insurance  coverage,  it  would  be  earmarked  for 
putting  back  together  the  pieces  of  my  financial  reputation  should  the 
need  arise.  Would  that  happen  in  real  life?  I  honestly  have  no  idea,  but 
the  promise  and  peace  of  mind,  however  illusory  they  may  prove  to  be, 
seemed  worth  $25  at  the  time. 


Any thoughts about identity-theft insurance? Buzz@nww.com is the
address. 